76 matches found
CVE-2021-0683
In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
TencentOS Server 3: java-21-openjdk security update for RHEL 8.10, 9.4 and 9.5 (Moderate) (TSSA-2025:0683)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0683 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2023-0683
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call...
CVE-2020-0683
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686...
CVE-2013-0683
The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service (incorrect pointer access and client cra...
CVE-2024-0683
The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with subscriber-level access and...
CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVS...
CVE-2025-0683
creationtimestamp | type | source
---|---|---
2025-01-30 18:23:26+00:00 | seen | https://infosec.exchange/users/cve/statuses/113918699513994287
2025-01-30 22:30:06+00:00 | seen | https://bsky.app/profile/mytechnotalent.bsky.social/post/3lgyjvwampk2s
2025-01-30 22:38:34+00:00 | seen | ...
CVE-2025-0683
CVE-2025-0683 affects the Contec Health CMS8000 Patient Monitor. In its default configuration, the device transmits plain‑text patient data to a hard‑coded public IP, enabling potential data leakage to any device on that IP and exposing patients to MITM risks. Connected sources confirm a firmware...
CVE-2025-0683 Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Contec Health CMS8000 Patient Monitor
In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a...
Security Bulletin: Multiple Vulnerabilities in XCC affect IBM Cloud Pak System
Summary: Multiple vulnerabilities in XClarity Controller (XCC) affect IBM Cloud Pak System. XCC is used by Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details: CVEID: CVE-2023-4607. DESCRIPTION: Lenovo XClarity Controller (XCC) could allow a remote...
Photon OS 3.0: Zchunk PHSA-2023-3.0-0683
An update of the zchunk package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0683. The text itself is copyright (C) VMware, Inc...
WordPress Bulgarisation for WooCommerce Plugin <= 3.0.14 is vulnerable to Broken Access Control
Software: Bulgarisation for WooCommerce; Type: Plugin; Vulnerable versions: <= 3.0.14; Fixed in: 3.0.15; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0683; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 9bca55e3b9c3; Credits: Francesc...
Critical Photon OS Security Update - PHSA-2023-3.0-0683
Updates of 'librdkafka', 'zchunk' packages of Photon OS have been released...
CVE-2023-0683
CVE-2023-0683 affects Lenovo XClarity Controller (XCC). A valid, authenticated XCC user with read-only access can gain elevated privileges via a specially crafted API call. Exploitation context and impact are described in multiple sources (high risk, network access). Remediation: IBM Cloud Pak Sy...
CVE-2022-0683
CVE-2022-0683 affects the WordPress plugin WordPress Essential Addons for Elementor Lite. The vulnerability is a Cross-Site Scripting (XSS) due to insufficient escaping and sanitization of the settings parameter found in includes/Traits/Helper.php, exploitable when a user clicks a crafted link. A...