253 matches found
CVE-2024-8539
Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files...
OctoPrint security vulnerability
OctoPrint is an open source application from OctoPrint. Provides a fast web interface for controlling consumer 3D printers. A security vulnerability exists in OctoPrint version 1.10.2 and prior versions. An attacker exploiting this vulnerability could retrieve or modify sensitive configuration...
CVE-2024-42022
CVE-2024-42022 is an incorrect permission assignment vulnerability affecting multiple Veeam products (e.g., Veeam ONE, Backup & Replication, and related components). The threat allows an attacker to modify product configuration files via a local/privilege-related path, as described across connect...
CVE-2024-42022
An incorrect permission assignment vulnerability allows an attacker to modify product configuration files...
Lenovo printers license issue vulnerability
Lenovo Printers is a printer from the Chinese company Lenovo. Lenovo Printers suffers from an authorization issue vulnerability that originates from a standard user being able to directly manipulate and set printer configuration information, such as the IP of certain Lenovo printers, without...
CVE-2023-38640
A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the applicatio...
CVE-2023-39286
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a...
RLSA-2023:4706 Important: subscription-manager security update
The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Rocky Enterprise Software Foundation entitlement platform. Security Fixes: subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allow...
CVE-2023-30640
Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change configuration...
CVE-2023-26466
A user with non-Admin access can change a configuration file on the client to modify the Server URL...
CVE-2023-20113
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...
Design/Logic Flaw
Creative Cloud version 5.9.1 and earlier is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources...
SUSE CVE-2020-10736
An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly...
PT-2023-2041 · SolarWinds · SolarWinds Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Platform (affected versions not specified). Description: The issue is related to a Directory Traversal Vulnerability in the SolarWinds Platform, which allows a local adversary with authenticated account access to edit the default...
CVE-2021-28052
A tenant administrator Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. Thi...
CVE-2022-22515
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration files of the affected products...
CVE-2022-20735
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...
PT-2022-2643 · Cisco · Cisco SD-WAN vManage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software (affected versions not specified). Description: A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affecte...