CVE-2022-20716
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on...
CVE-2022-20716 Cisco SD-WAN Solution Improper Access Control Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on...
Cisco SD-WAN Solution Improper Access Control Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on...
PT-2022-2713 · Cisco · Cisco SD-WAN
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN Software (affected versions not specified). Description: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges due to improper access control on files within th...
Cisco SD-WAN Solution Improper Access Control (cisco-sa-sd-wan-file-access-VW36d28P)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files with...
CVE-2022-27152
Roku devices running RokuOS v9.4.0 build 4200 or earlier that use a Realtek WiFi chip are vulnerable to arbitrary file modification...
Design/Logic Flaw
Roku devices running RokuOS v9.4.0 build 4200 or earlier that use a Realtek WiFi chip are vulnerable to arbitrary file modification...
CVE-2022-27152
CVE-2022-27152 affects RokuOS on devices using a Realtek WiFi chip with RokuOS 9.4.0 build 4200 or earlier. The vulnerability enables arbitrary file modification. The available connected sources indicate the affected platform and version range; no explicit root cause details are provided in the d...
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2022:0822-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0822-1 advisory. - An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable...
Mozilla: Time-of-check time-of-use bug when verifying add-on signatures
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified, and Firefox...
Researchers Warn of Linux Kernel 'Dirty Pipe' Arbitrary File Overwrite Vulnerability
Linux distributions are in the process of issuing patches to address a newly disclosed security vulnerability in the kernel that could allow an attacker to overwrite arbitrary data into any read-only files and allow for a complete takeover of affected systems. Dubbed "Dirty Pipe" CVE-2022-0847,...
PT-2022-6571 · ICL · ICL ScadaFlex II SCADA Controller SC-1 +1
Name of the Vulnerable Software and Affected Versions: ICL ScadaFlex II SCADA Controller SC-1 and SC-2 version 1.03.07. Description: The issue is related to the lack of an authentication procedure, allowing unauthenticated remote attackers to overwrite, delete, or create files on the device. This...
CVE-2022-24671
A link-following privilege escalation vulnerability in Trend Micro Antivirus for Mac 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on...
CVE-2022-24671
CVE-2022-24671 is a local privilege-escalation vulnerability in Trend Micro Antivirus for Mac. The flaw resides in the post-update handling (program_after_update) where an attacker can abuse symbolic links to modify a file during the update process, enabling privilege escalation to root if low-pr...
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File Modification
#!/usr/bin/env python3 # -*- coding: utf-8 -*- ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD. Vendor: Industrial Control Links, Inc. Product web page: http://www.iclinks.com Product datasheet:...
ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File Modification Exploit
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 version 1.03.07 is vulnerable to unauthenticated file write/overwrite and deletion. This allows an attacker to execute critical file CRUD operations on the device that can potentially allow system access and impact availability. #!/usr/bin/env python3 -...