CVE-2023-3116 Liteos-A has a incorrect default permissions vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions...

PT-2023-7205 · Hikvision · Hikvision Nvr

Name of the Vulnerable Software and Affected Versions: Hikvision NVR/DVR models affected versions not specified Description: The issue is related to a buffer overflow in the password recovery feature. This could allow an attacker on the same local area network LAN to cause the device to malfuncti...

kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route

There are 3 CVEs for the use-after-free flaw found in net/sched/clsfw.c in classifiers clsfw, clsu32, and clsroute in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. A local user could use any of these flaws to crash the system or potentially escalate their privileges on the system...

Trend Micro Apex One CNTAoSMgr Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

Exploit for SQL Injection in Code-Projects Blood_Bank

CVE-2023-46018-Code-Projects-Blood-Bank-1.0-SQL-Injection-Vuln...

CVE-2023-47611

A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targete...

CVE-2023-47614

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual path...

Design/Logic Flaw

A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a...

CVE-2023-47615

A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a...

Information disclosure

In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-43357

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component...

Security Bulletin: Google Guava component is vulnerable to CVE-2023-2976 is used by IBM Jazz Reporting Services.

Summary IBM Jazz Reporting Service Application Suite uses Google Guava package which is vulnerable to CVE-2023-2976. Vulnerability Details CVEID:CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory creation...

CVE-2023-32634

An authentication bypass vulnerability exists in the CiRpcServerThread functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability...

CVE-2023-32634

CVE-2023-32634 affects SoftEther VPN (CiRpcServerThread) and enables an authentication bypass that can be exploited by a local attacker to mount a man-in-the-middle and access/modify communications. Public listings consistently name SoftEther VPN versions 5.01.9674 and 4.41-9782-beta as affected,...

CVE-2023-32634

An authentication bypass vulnerability exists in the CiRpcServerThread functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability...

CVE-2023-42298

An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the QDecCoordOnUnitSphere function of file src/bifs/unquantize.c...

SoftEther VPN Security Vulnerability

SoftEther VPN is an open source, cross-platform, multi-protocol VPN Virtual Private Network application. A security vulnerability exists in SoftEther VPN version 5.01.9674 and 4.41-9782-beta, which stems from an authentication bypass vulnerability in the CiRpcServerThread function. An attacker ca...

CVE-2023-5477

Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. Chromium security severity: Low...

kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove()

A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nftpipaporemove function with the element, without a NFTSETEXTKEYEND. This issue could allow a local user to crash the system or potentially escalate their privileges on the system...

CVE-2023-5463

A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to t...