Total: 1255 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-29860 | 1 Dtstack | 1 Taier | 2023-06-30 | N/A | 7.5 HIGH | Insecure permissions on the /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allow attackers to view sensitive information via the getCookie method.
CVE-2022-0277 | 1 Microweber | 1 Microweber | 2023-06-29 | 4.0 MEDIUM | 6.5 MEDIUM | Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-21939 | 1 Johnsoncontrols | 1 Metasys System Configuration Tool | 2023-06-27 | N/A | 6.1 MEDIUM | Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
CVE-2022-0556 | 1 Zyxel | 1 Zyxel Ap Configurator | 2023-06-26 | 7.2 HIGH | 7.8 HIGH | A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4 could allow an attacker to execute arbitrary code as a local administrator.
CVE-2023-34154 | 1 Huawei | 1 Harmonyos | 2023-06-26 | N/A | 8.2 HIGH | Vulnerability of undefined permissions in HUAWEI VR screen projection. Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources.
CVE-2023-2876 | 1 Abb | 6 Rex640 Pcl1, Rex640 Pcl1 Firmware, Rex640 Pcl2 and 3 more | 2023-06-26 | N/A | 6.1 MEDIUM | Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1, PCL2 and PCL3 (firmware modules) allows Cross-Site Scripting (XSS). This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.
CVE-2023-30897 | 1 Siemens | 1 Wincc | 2023-06-26 | N/A | 7.8 HIGH | A vulnerability has been identified in SIMATIC WinCC (all versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
CVE-2023-34797 | 1 Temenos | 1 Cwx | 2023-06-26 | N/A | 5.4 MEDIUM | Broken access control in the Registration page (/Registration.aspx) of Temenos CWX v8.5.6 allows attackers to access sensitive information.
CVE-2022-25151 | 1 Itarian | 2 On-premise, Saas Service Desk | 2023-06-23 | 5.0 MEDIUM | 7.5 HIGH | Within the Service Desk module of the ITarian platform (SaaS and on-premise), a remote attacker can obtain sensitive information because the HttpOnly flag is not set. In combination with a successful Cross-Site Scripting attack on a user, a remote attacker could exploit this vulnerability to gain access to the management interface.
CVE-2022-25172 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2023-06-23 | 4.3 MEDIUM | 6.1 MEDIUM | An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie lacks the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker able to perform an XSS attack to steal the session cookie.
CVE-2023-31142 | 1 Discourse | 1 Discourse | 2023-06-23 | N/A | 5.3 MEDIUM | Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified its general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. A workaround, only if you are modifying the general category permissions, is to use a new category for the same purpose.
CVE-2022-21946 | 1 Opensuse | 2 Cscreen, Factory | 2023-06-22 | 4.6 MEDIUM | 5.3 MEDIUM | An Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local user to gain the privileges of the tty and dialout groups and to access and manipulate any running cscreen session. This issue affects openSUSE Factory cscreen version 1.2-1.3 and prior versions.
CVE-2023-33695 | 1 Hutool | 1 Hutool | 2023-06-21 | N/A | 7.1 HIGH | Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java.
CVE-2022-33163 | 1 Ibm | 1 Security Directory Suite Va | 2023-06-21 | N/A | 8.1 HIGH | IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571.
CVE-2022-31465 | 1 Siemens | 1 Xpedition Designer | 2023-06-13 | 4.6 MEDIUM | 7.8 HIGH | A vulnerability has been identified in Xpedition Designer VX.2.10 (all versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (all versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (all versions < VX.2.12 Update 5) and Xpedition Designer VX.2.13 (all versions < VX.2.13 Update 1). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
CVE-2022-41766 | 1 Mediawiki | 1 Mediawiki | 2023-06-05 | N/A | 4.3 MEDIUM | An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed).
CVE-2023-32303 | 1 Planet | 1 Planet | 2023-05-26 | N/A | 5.5 MEDIUM | Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should be accessible only by the user, but before version 2.0.1 its permissions allowed the user's group and others to read the file as well. This issue was patched in version 2.0.1. As a workaround, set the secret file permissions to user read/write only by hand.
CVE-2023-28522 | 1 Ibm | 1 Api Connect | 2023-05-22 | N/A | 8.8 HIGH | IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585.
CVE-2018-1168 | 1 Hitachienergy | 2 Sys600, Sys600 Firmware | 2023-05-16 | 7.2 HIGH | 7.8 HIGH | This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097.
CVE-2023-0834 | 2 Apple, Hypr | 2 Macos, Workforce Access | 2023-05-09 | N/A | 9.8 CRITICAL | Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on macOS allows Privilege Escalation. This issue affects Workforce Access: from 6.12 before 8.1.