CVE-2023-41743

Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979.

CVE-2022-45451

Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984.

CVE-2023-41742

Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.

CVE-2022-46868

Local privilege escalation during recovery due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173.

CVE-2023-41642: Disclosure/CVE PoC/CVE-ID | RealGimm - Reflected Cross-site Scripting.md at main · CapgeminiCisRedTeam/Disclosure

Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary JavaScript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.

CVE-2023-41635: Disclosure/CVE PoC/CVE-ID | RealGimm - XML External Entity Injection.md at main · CapgeminiCisRedTeam/Disclosure

An XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML file.

CVE-2023-33835: IBM Security Verify Information Queue information disclosure CVE-2023-33835 Vulnerability Report

IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256015.

CVE-2023-41638: Disclosure/CVE PoC/CVE-ID | RealGimm - RCE via Unrestricted File Upload.md at main · CapgeminiCisRedTeam/Disclosure

An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file.

CVE-2023-41640: Disclosure/CVE PoC/CVE-ID | RealGimm - Information disclosure.md at main · CapgeminiCisRedTeam/Disclosure

An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query.

CVE-2023-41637: Disclosure/CVE PoC/CVE-ID | RealGimm - Stored Cross-site Scripting.md at main · CapgeminiCisRedTeam/Disclosure

An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file.