2871 matches found

Japan Vulnerability Notes
added 2023/09/27 5:44 a.m. | 5 views

Multiple vulnerabilities in Panasonic KW Watcher

Overview KW Watcher provided by Panasonic contains multiple vulnerabilities listed below. Improper restriction of operations within the bounds of a memory buffer CWE-119 - CVE-2023-3471 Use after free CWE-416 - CVE-2023-3472 Michael Heinzl reported these vulnerabilities to Panasonic and...

CVSS 8.6 | AI score 7.5 | EPSS 0.00419
Exploits: 0 | References: 9
BDU FSTEC
added 2023/09/25 12:0 a.m. | 3 views

The software’s vulnerability allows for manipulation of data in the configuration files, enabling an intruder to alter the operation and monitoring of the Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC automated control and protection systems.

The vulnerability of the software for managing and monitoring automatic control and protection systems, such as Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC, is related to the improper assignment of permissions to critical resources. Exploiting this vulnerability could allow an...

CVSS 7.4 | AI score 6 | EPSS 0.00134
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2023/09/19 1:16 p.m. | 20 views

CVE-2022-47558

Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install...

CVSS 9.8 | AI score 9.3 | EPSS 0.00519
Exploits: 0 | References: 1
CVE
added 2023/09/19 12:58 p.m. | 66 views

CVE-2022-47558

Affected products: Ormazabal ekorCCP and ekorRCI. The vulnerability arises from FTP service access using default credentials, allowing an attacker to modify critical files, create/delete users, alter configuration files, and potentially install rootkits or backdoors. Documents from multiple sourc...

CVSS 9.8 | AI score 9.3 | EPSS 0.00519
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/09/19 12:58 p.m. | 16 views

CVE-2022-47558 Improper Access Control in Ormazabal products

Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install...

CVSS 9.4 | AI score 9.6 | EPSS 0.00519
Exploits: 0 | References: 1
NVD
added 2023/09/13 7:15 a.m. | 13 views

CVE-2023-4400

A password management vulnerability in Skyhigh Secure Web Gateway SWG in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...

CVSS 6.5 | AI score 6.3 | EPSS 0.003
Exploits: 0 | References: 2
OSV
added 2023/09/13 7:15 a.m. | 4 views

CVE-2023-4400

A password management vulnerability in Skyhigh Secure Web Gateway SWG in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...

CVSS 6.5 | AI score 5.8 | EPSS 0.003
Exploits: 0 | References: 2
Prion
added 2023/09/13 7:15 a.m. | 24 views

Authentication flaw

A password management vulnerability in Skyhigh Secure Web Gateway SWG in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...

CVSS 4 | AI score 6.5 | EPSS 0.003
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2023/09/13 6:53 a.m. | 2489 views

CVE-2023-4400

Skyhigh Secure Web Gateway (SWG) is affected: versions 11.x prior to 11.2.14, 10.x prior to 10.2.25, and 12.x prior to 12.2.1 contain a password-management issue where authentication information stored in configuration files can be extracted via the SWG REST API because passwords are stored in pl...

CVSS 6.5 | AI score 6.5 | EPSS 0.003
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2023/09/13 6:53 a.m. | 11 views

CVE-2023-4400

A password management vulnerability in Skyhigh Secure Web Gateway SWG in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...

CVSS 6.2 | AI score 6.7 | EPSS 0.003
Exploits: 0 | References: 1
Cvelist
added 2023/09/13 6:53 a.m. | 26 views

CVE-2023-4400

A password management vulnerability in Skyhigh Secure Web Gateway SWG in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...

CVSS 6.2 | AI score 6.7 | EPSS 0.003
Exploits: 0 | References: 1
Fedora
added 2023/09/13 1:35 a.m. | 32 views

[SECURITY] Fedora 37 Update: libeconf-0.5.2-1.fc37

libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from it...

CVSS 6.5 | AI score 7 | EPSS 0.00636
Exploits: 0
The Hacker News
added 2023/09/11 1:24 p.m. | 29 views

Charming Kitten's New Backdoor 'Sponsor' Targets Brazil, Israel, and U.A.E.

The Iranian threat actor known as Charming Kitten has been linked to a new wave of attacks targeting different entities in Brazil, Israel, and the U.A.E. using a previously undocumented backdoor named Sponsor. Slovak cybersecurity firm is tracking the cluster under the name Ballistic Bobcat...

AI score 6.7
Exploits: 0
Fedora
added 2023/09/06 11:39 p.m. | 44 views

[SECURITY] Fedora 39 Update: libeconf-0.5.2-1.fc39

libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from it...

CVSS 6.5 | AI score 7 | EPSS 0.00636
Exploits: 0
NVD
added 2023/09/06 12:15 p.m. | 13 views

CVE-2023-4588

File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup...

CVSS 6.8 | AI score 6.5 | EPSS 0.00286
Exploits: 0 | References: 1
Prion
added 2023/09/06 12:15 p.m. | 23 views

Design/Logic Flaw

File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup...

CVSS 3.3 | AI score 5 | EPSS 0.00286
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/09/06 11:43 a.m. | 21 views

CVE-2023-4588 File accessibility vulnerability in Delinea Secret Server

File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup...

CVSS 6.8 | AI score 6.7 | EPSS 0.00286
Exploits: 0 | References: 1
Vulnrichment
added 2023/09/06 11:43 a.m. | 11 views

CVE-2023-4588 File accessibility vulnerability in Delinea Secret Server

File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup...

CVSS 6.8 | AI score 6.5 | EPSS 0.00286
Exploits: 0 | References: 1
OSV
added 2023/09/05 11:15 p.m. | 6 views

CVE-2023-4487

GE CIMPLICITY 2023 is affected by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...

CVSS 7.8 | AI score 5.9 | EPSS 0.00183
Exploits: 0 | References: 2
Prion
added 2023/09/05 11:15 p.m. | 33 views

Path traversal

GE CIMPLICITY 2023 is affected by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...

CVSS 4.3 | AI score 7.8 | EPSS 0.00183
Exploits: 0 | References: 2 | Affected Software: 1