Multiple vulnerabilities in Ricoh Streamline NX PC Client

Overview Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. ricoh-2024-000004 Improper restriction of communication channel to intended endpoints CWE-923 - CVE-2024-36252 ricoh-2024-000005 Use of hard-coded credentials CWE-798 -...

PT-2024-20119 · Unifier +1 · Unifier +1

Name of the Vulnerable Software and Affected Versions: Unifier and Unifier Cast versions 5.0 or later Description: The issue is related to incorrect default permissions. If exploited, it may allow arbitrary code execution with LocalSystem privilege, potentially leading to the installation of...

PT-2024-26929 · Unifier +1 · Unifier +1

Name of the Vulnerable Software and Affected Versions: Unifier and Unifier Cast versions 5.0 or later Description: A missing authorization issue allows for the execution of arbitrary code with LocalSystem privilege if exploited. This could result in the installation of malicious programs,...

Multiple vulnerabilities in Unifier and Unifier Cast

Overview Unifier and Unifier Cast provided by Yokogawa Rental & Lease Corporation contains multiple vulnerabilities listed below. Incorrect Default Permissions configured by Cast Launcher CWE-276 - CVE-2024-23847 Missing Authorization for coejobhook Command Execution CWE-862 - CVE-2024-36246...

CVE-2024-0159

Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system...

CVE-2024-0159

Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system...

CVE-2024-0159

Dell Alienware Command Center (Dell Alienware Command Center) vulnerable due to improper access control in versions 5.5.52.0 and earlier, enabling local Denial of Service on the host. The issue is documented as CVE-2024-0159 and is supported by multiple sources, including PT-2024-5632 which provi...

CVE-2024-0259

Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to ga...

CVE-2024-0259

Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is vulnerable to privilege escalation. A low-privileged user can overwrite the service executable; upon service restart, the replaced binary runs with SYSTEM privileges. Affected: Windows agents before 3.04. Mitigation: up...

PT-2024-13955 · Sikka · Sikka Sscwindowsservice

Name of the Vulnerable Software and Affected Versions: Sikka SSCWindowsService version 5 2023-09-14 Description: The issue allows low-privileged users to execute arbitrary code as LocalSystem due to full control being granted to them. This is possible because low-privileged users have write acces...

CVE-2024-28851

The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a helper script for the Hive MetaStore Connector. A malicious insider without admin privileges...

CVE-2024-28851 Elevation of privilege in Snowflake Hive MetaStore Connector Helper script

The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a helper script for the Hive MetaStore Connector. A malicious insider without admin privileges...

CVE-2024-28851 Elevation of privilege in Snowflake Hive MetaStore Connector Helper script

The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a helper script for the Hive MetaStore Connector. A malicious insider without admin privileges...

CVE-2024-20037

In pq, there is a possible write-what-where condition due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495937; Issue ID: ALPS08495937...

CVE-2024-24828

An incorrect default permissions vulnerability was found in pkg. This issue allows an attacker who has access to the /tmp/pkg/ on the local system to replace the genuine executables in the shared directory with malicious executables of the same name...

Apprite CLI makes Use of Hard-coded Credentials

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...

PYSEC-2024-2

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...

PYSEC-2024-2

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...

CVE-2023-32891

In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07933038; Issue ID: MSV-559...

CVE-2023-6381

Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file file with SMB extension to a user via a link or email attachment and persuade the user to open the file...