Lucene search

2874 matches found

Prion
added 2023/09/05 11:15 p.m. · 33 views

Path traversal

GE CIMPLICITY 2023 is affected by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...

CVSS 4.3 · AI score 7.8 · EPSS 0.00183
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2023/09/05 10:55 p.m. · 42 views

CVE-2023-4487 GE Digital CIMPLICITY Process Control

GE CIMPLICITY 2023 is affected by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...

CVSS 7.8 · AI score 8 · EPSS 0.00183
Exploits: 0 · References: 2

NVD
added 2023/09/04 12:15 p.m. · 15 views

CVE-2023-4587

An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server...

CVSS 8.3 · AI score 8 · EPSS 0.00209
Exploits: 0 · References: 1

Prion
added 2023/09/04 12:15 p.m. · 17 views

Information disclosure

UNSUPPORTED WHEN ASSIGNED An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server...

CVSS 1.7 · AI score 5.3 · EPSS 0.00209
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/09/04 12:0 a.m. · 23 views

PT-2023-29736 · Zkteco · Zkteco Zem800

Name of the Vulnerable Software and Affected Versions: ZKTeco ZEM800 version 6.60 Description: An IDOR vulnerability has been found in the ZKTeco ZEM800 product. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or...

CVSS 8.3 · AI score 6.7 · EPSS 0.00209
Exploits: 0 · References: 7

OpenVAS
added 2023/09/02 12:0 a.m. · 18 views

Fedora: Security Advisory for libeconf (FEDORA-2023-6432bb65ae)

The remote host is missing an update for the...

CVSS 6.5 · AI score 8.2 · EPSS 0.00636
Exploits: 0 · References: 2

Fedora
added 2023/09/01 1:31 a.m. · 40 views

[SECURITY] Fedora 38 Update: libeconf-0.5.2-1.fc38

libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from it...

CVSS 6.5 · AI score 7 · EPSS 0.00636
Exploits: 0

CNNVD
added 2023/09/01 12:0 a.m. · 7 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. GitLab suffers from a security vulnerability that stems from the fact that...

CVSS 5 · AI score 6.8 · EPSS 0.00393
Exploits: 0 · References: 4

Positive Technologies
added 2023/08/31 12:0 a.m. · 5 views

PT-2023-5398 · Schweitzer Engineering Laboratories · Sel-5033 Acselerator Rtac

Name of the Vulnerable Software and Affected Versions: Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software versions prior to 1.35.151.21000 Description: The issue is related to incorrect permission assignment for a critical resource, allowing an attacker to manipulate data in...

CVSS 7.4 · AI score 5.4 · EPSS 0.00134
Exploits: 0 · References: 6

OSV
added 2023/08/11 8:15 p.m. · 3 views

CVE-2023-22956

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information...

CVSS 7.5 · AI score 5.8 · EPSS 0.01131
Exploits: 2 · References: 4

Prion
added 2023/08/11 8:15 p.m. · 19 views

Hardcoded credentials

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information...

CVSS 5 · AI score 7.5 · EPSS 0.01131
Exploits: 2 · References: 4 · Affected Software: 6

Cvelist
added 2023/08/11 12:0 a.m. · 30 views

CVE-2023-22956

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information...

AI score 7.7 · EPSS 0.01131
Exploits: 2 · References: 4

Vulnrichment
added 2023/08/11 12:0 a.m. · 13 views

CVE-2023-22957

An issue was discovered in libacdes3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root passwor...

AI score 6.8 · EPSS 0.01131
Exploits: 2 · References: 4

Cvelist
added 2023/08/11 12:0 a.m. · 39 views

CVE-2023-22957

An issue was discovered in libacdes3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root passwor...

AI score 7.7 · EPSS 0.01131
Exploits: 2 · References: 4

Positive Technologies
added 2023/08/11 12:0 a.m. · 8 views

PT-2023-18797 · Audiocodes · Audiocodes Voip Desk Phones

Name of the Vulnerable Software and Affected Versions: AudioCodes VoIP desk phones versions through 3.4.4.1000 Description: An issue was discovered due to the use of a hard-coded cryptographic key, allowing an attacker to decrypt encrypted configuration files and retrieve sensitive information...

CVSS 7.5 · AI score 7.4 · EPSS 0.01131
Exploits: 2 · References: 11

Vulnrichment
added 2023/08/11 12:0 a.m. · 13 views

CVE-2023-22956

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information...

AI score 6.7 · EPSS 0.01131
Exploits: 2 · References: 4

OSV
added 2023/08/10 8:9 p.m. · 22 views

GHSA-PV7Q-V9MV-9MH5 1Panel O&M management panel has a background arbitrary file reading vulnerability

Summary: Arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. Details: In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the file by obtaining the requested path parameter path. The request parameters are not...

CVSS 7.5 · AI score 7.3 · EPSS 0.0082
Exploits: 1 · References: 4

Github Security Blog
added 2023/08/10 8:9 p.m. · 38 views

1Panel O&M management panel has a background arbitrary file reading vulnerability

Summary: Arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. Details: In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the file by obtaining the requested path parameter path. The request parameters are not...

CVSS 7.5 · AI score 6.4 · EPSS 0.0082
Exploits: 1 · References: 4 · Affected Software: 1

CNNVD
added 2023/08/10 12:0 a.m. · 4 views

1Panel Path Traversal Vulnerability

1Panel is an open source Linux server O&M panel for the Chinese 1panel community. A path traversal vulnerability exists in 1Panel version 1.4.3. An attacker can exploit this vulnerability to read any important configuration file on the server...

CVSS 7.5 · AI score 6.7 · EPSS 0.0082
Exploits: 1 · References: 3

GitLab Advisory Database
added 2023/08/10 12:0 a.m. · 37 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the...

CVSS 7.5 · AI score 6.8 · EPSS 0.0082
Exploits: 1 · References: 4 · Affected Software: 1