Design/Logic Flaw

A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to t...

CVE-2023-5463 XINJE XDPPro cfgmgr32.dll uncontrolled search path

A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to t...

CVE-2023-5463

Summary: CVE-2023-5463 affects XINJE XDPPro up to 3.7.17a. Affected component: library cfgmgr32.dll, issue: uncontrolled search path due to a code/config issue. Impact appears local with potential for high confidentiality/integrity/availability impact as per CVSS data; exploitation has been discl...

CVE-2023-36123

Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information...

CVE-2023-21252

CVE-2023-21252 affects Android’s WifiConfigurationUtil.java, specifically its validatePassword function. The root cause is improper input validation, which can cause the device to boot loop and result in local denial of service without requiring user interaction. The issue is categorized as DoS w...

CVE-2023-30692

Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities...

CVE-2023-30732

CVE-2023-30732 affects Samsung Mobile devices running the SMR Oct-2023 Release 1. It arises from improper access control in a system property, enabling a local attacker to obtain the CPU serial number. Remediation is to update to SMR Oct-2023 Release 1 or later (per listed advisories).

PT-2023-22891 · Evaluator · Evaluator

Name of the Vulnerable Software and Affected Versions: Evaluator versions prior to SMR Oct-2023 Release 1 Description: The issue is related to improper input validation, allowing local attackers to launch privileged activities. This can be exploited by local attackers. Recommendations: For versio...

Design/Logic Flaw

A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may ...

Design/Logic Flaw

An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun1400084d0 function in IREC.sys driver...

AlmaLinux 8 : kernel-rt (ALSA-2023:5255)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5255 advisory. - A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw...

CVE-2023-4088

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service DoS condition, if the...

CVE-2023-32184

OpenSUSE opensuse-welcome CVE-2023-32184 is an insecure storage vulnerability impacting versions 0.1 before 0.1.9+git.35.4b9444a, allowing local attackers to execute code as the user running opensuse-welcome via a manipulated custom layout. The connected OSV entry confirms a fix in opensuse-welco...

CVE-2023-5012

A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requiremen...

Design/Logic Flaw

A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requiremen...

CVE-2023-5012 Topaz OFD Protection Module Warsaw core.exe unquoted search path

A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requiremen...

CVE-2023-5012

The CVE-2023-5012 issue affects Topaz OFD version 2.11.0.201, specifically the Warsaw Protection Module core.exe component located under C:\Program Files\Topaz OFD\Warsaw\core.exe. The root cause is an unquoted search path, enabling local attacker access. There is no indication of remote exploita...

Code injection

An issue was discovered in Qubo Smart Plug10A version HSP02010114SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console...

CVE-2023-4985

A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Affected is an unknown function of the file Project.xml. The manipulation leads to improper authentication. An attack has to be approached locally. The exploit has been disclosed to the public and may be...

CVE-2023-4985

A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Affected is an unknown function of the file Project.xml. The manipulation leads to improper authentication. An attack has to be approached locally. The exploit has been disclosed to the public and may be...