43 matches found
EUVD-2023-32668
Malicious code in bioql PyPI...
EUVD-2023-32664
Malicious code in bioql PyPI...
EUVD-2023-32669
Malicious code in bioql PyPI...
EUVD-2023-32663
Malicious code in bioql PyPI...
CVE-2023-29066
The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders...
CVE-2023-29063
The FACSChorus workstation does not prevent physical access to its PCI express PCIe slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM...
CVE-2023-29065
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database...
CVE-2023-29061
There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication...
CVE-2023-29064
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts...
CVE-2023-29062
The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes...
CVE-2023-29065
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database...
CVE-2023-29064
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts...
CVE-2023-29063
The FACSChorus workstation does not prevent physical access to its PCI express PCIe slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM...
Design/Logic Flaw
The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes...
Information disclosure
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database...
Information disclosure
The FACSChorus workstation does not prevent physical access to its PCI express PCIe slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM...
Hardcoded credentials
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts...
CVE-2023-29066
BD FACSChorus software (v5.0, v5.1, v3.0, v3.1) contains an improper privilege/permission handling flaw (CVE-2023-29066) where non-administrative OS accounts can modify data in local application folders. This root cause is described across multiple sources (NVD entry and CVE list) with a base sco...
CVE-2023-29066 Incorrect User Management
The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders...
CVE-2023-29065 Overly Permissive Access Policy
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database...