CWE:
 

Nic nie znaleziono w bazie WLB2


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2024-03-31
Waiting for details
CVE-2024-3118

Updating...
 

 
A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

 
2023-12-13
Waiting for details
CVE-2023-6762

Updating...
 

 
A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /article/DelectArticleById/ of the component Article Handler. The manipulation leads to permission issues. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-247890 is the identifier assigned to this vulnerability.

 
2023-09-29
Waiting for details
CVE-2023-5263

Updating...
 

 
A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240872.

 
2023-07-19
Waiting for details
CVE-2023-3759

Updating...
 

 
A vulnerability, which was classified as critical, was found in Intergard SGS 8.7.0. Affected is an unknown function. The manipulation leads to permission issues. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234444. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

 
2022-05-19
Waiting for details
CVE-2020-14496

Updating...
 

 
Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.

 
2021-03-24
Medium
CVE-2021-1437

Vendor: Cisco
Software: Wireless lan...
 

 
A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of the affected access point (AP).

 
2019-09-06
Medium
CVE-2018-18630

Vendor: Changehealthcare
Software: Cardiology f...
 

 
A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code.

 
2019-09-05
Medium
CVE-2019-2175

Vendor: Google
Software: Android
 

 
In checkAccess of SliceManagerService.java in Android 9, there is a possible permissions check bypass due to incorrect order of arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

 
Low
CVE-2019-13361

Vendor: Smanos
Software: W100 firmware
 

 
Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi network.

 
Medium
CVE-2019-2177

Vendor: Google
Software: Android
 

 
In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

 

 


Copyright 2024, cxsecurity.com

 

Back to Top