
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Mar 2024 — CWE-1385 vulnerability in OpenText Documentum D2 affecting versions 16.5.1 to CE 23.2. The vulnerability could allow an attacker to upload arbitrary code and execute it on the client's computer. • https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0799355 • CWE-1385: Missing Origin Validation in WebSockets

CVSS: 6.6 • EPSS: 0% • CPEs: 3 • EXPL: 0

12 Jan 2024 — The ELAN Match-on-Chip FPR solution has a design fault that carries a potential risk of valid SID leakage and enumeration with a spoof sensor. This fault can lead to Windows Hello recognition being bypassed by cloning a SID, breaking account identity. Versions lower than 3.0.12011.08009 (Legacy)/3.3.12011.08103 (ESS) are subject to this risk on the DELL Inspiron platform. • https://github.com/advisories/GHSA-w3jx-33qh-77f8 • CWE-290: Authentication Bypass by Spoofing

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Sep 2023 — Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in the Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation, leading to a privilege escalation. • https://www.dell.com/support/kbdoc/en-us/000218038/dsa-2023-331-dell-emc-appsync-security-update-for-dell-embedded-service-enabler-vulnerability • CWE-284: Improper Access Control

CVSS: 5.5 • EPSS: 0% • CPEs: 39 • EXPL: 0

03 Mar 2021 — Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. • https://success.trendmicro.com/solution/000285675 • CWE-400: Uncontrolled Resource Consumption

CVSS: 4.8 • EPSS: 0% • CPEs: 12 • EXPL: 0

15 Apr 2020 — RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser. • https://community.rsa.com/docs/DOC-111347 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 11 • EXPL: 0

25 Mar 2020 — RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser. • https://community.rsa.com/docs/DOC-111092 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 11 • EXPL: 0

25 Mar 2020 — RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser. • https://community.rsa.com/docs/DOC-111092 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

03 Jan 2020 — RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying a specially crafted XML message. • https://www.dell.com/support/security/en-us/details/DOC-108320/DSA-2019-148-RSA&#174%3B-Authentication-Manager-Software-XML-Entity-Injection-Vulnerability • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 4.8 • EPSS: 0% • CPEs: 9 • EXPL: 0

03 Dec 2019 — RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser. • https://www.dell.com/support/security/en-us/details/DOC-109297/DSA-2019-168-RSA&#174%3B-Authentication-Manager-Software-Stored-Cross-Site-Scripting-Vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

30 Sep 2019 — RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerabilities, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information, leaving data at risk of exposure. • https://www.dell.com/support/kbdoc/000194054 • CWE-316: Cleartext Storage of Sensitive Information in Memory • CWE-459: Incomplete Cleanup