CWE:
 

Tytuł
Data
Autor
High
Wordpress Plugin XCloner 4.2.12 Remote Code Execution (Authenticated)
07.07.2021
Ron Jost
High
WordPress XCloner 4.2.12 Remote Code Execution
02.07.2021
Ron Jost
Med.
BarracudaDrive v6.5 Insecure Folder Permissions
04.09.2020
Bobby Cooke
Low
Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment
28.04.2019
Cisco Talos
High
aws-cfn-bootstrap Local Code Execution
04.12.2017
Harry Sintonen
Med.
SAP HANA SPS09 1.00.091.00.1418659308 EXPORT Information Disclosure
22.08.2016
Multiple
Low
Samsung SNS Provider Application For Android Access Theft
13.03.2015
Sadosky


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2024-04-12
Waiting for details
CVE-2024-22334

Updating...
 

 
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974.

 
2024-03-26
Waiting for details
CVE-2024-25956

Updating...
 

 
Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information.

 
2024-02-09
Waiting for details
CVE-2023-50292

Updating...
 

 
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the "trust" (authentication) of these configSets was not considered. External library loading is only available to configSets that are "trusted" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution. Since the Schema Designer loaded configSets without taking their "trust" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer. Users are recommended to upgrade to version 9.3.0, which fixes the issue.

 
2024-02-02
Waiting for details
CVE-2023-47564

Updating...
 

 
An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.15 ( 2024/01/04 ) and later Qsync Central 4.3.0.11 ( 2024/01/11 ) and later

 
Waiting for details
CVE-2020-24681

Updating...
 

 
Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP.

 
2024-01-09
Waiting for details
CVE-2023-44120

Updating...
 

 
A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected product's sudo configuration permits the local administrative account to execute several entries as root user. This could allow an authenticated local attacker to inject arbitrary code and gain root access.

 
2023-12-14
Waiting for details
CVE-2023-46142

Updating...
 

 
A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.

 
Waiting for details
CVE-2023-46141

Updating...
 

 
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.

 
Waiting for details
CVE-2023-0757

Updating...
 

 
Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device.

 
2023-12-12
Waiting for details
CVE-2023-42924

Updating...
 

 
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3. An app may be able to access sensitive user data.

 

 


Copyright 2024, cxsecurity.com

 

Back to Top