310 matches found
Multiple vulnerabilities in SKYSEA Client View
Overview: SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains multiple vulnerabilities listed below. Improper access control in the specific process (CWE-266, CVE-2024-41139). Origin validation error in shared memory data exchanges CWE-3...
PT-2024-29292 · Unknown · Skysea Client View
Name of the Vulnerable Software and Affected Versions: SKYSEA Client View versions 3.013.00 through 19.210.04e Description: The issue allows an arbitrary process to be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows client is installed. This is due to...
SKYSEA Client View Security Vulnerability
SKYSEA Client View is software from SKYSEA Japan that supports information leakage countermeasures and IT operations management. A security vulnerability exists in SKYSEA Client View versions 3.013.00 through 19.210.04e, which stems from the presence of an Origin Validation Error vulnerability...
JVN#84326763: Multiple vulnerabilities in SKYSEA Client View
SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains multiple vulnerabilities listed below. Improper access control in the specific process (CWE-266; CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, Base Score 7.8; CVE-2024-41139). Origin...
CVE-2024-5549
A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability also enables attackers to perform actions on behalf of the user, such as...
CVE-2024-5549 Data leak through CORS misconfiguration in stitionai/devika
A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability also enables attackers to perform actions on behalf of the user, such as...
CVE-2024-6301 Origin Validation Error in Conduit
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs...
CVE-2024-25996
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user...
Remote code execution
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user...
CVE-2024-25996 PHOENIX CONTACT: Remote code execution due to an origin validation error in CHARX Series
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user...
CVE-2024-25996
CVE-2024-25996 affects PHOENIX CONTACT CHARX SEC devices (CHARX SEC-3000 family). The root cause is an origin validation error that enables an unauthenticated remote attacker to execute arbitrary code remotely. Impact is remote code execution with high severity; exploit appears network-proximate ...
CVE-2024-24782 HIMA: Origin Validation Error in multiple products
An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN...
Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account
The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. "Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account," the maintainers said in a...
Origin Validation Error
Google Chrome is vulnerable to an origin validation error. The vulnerability is caused by incorrect security UI, which can allow a remote attacker to potentially spoof security UI via a crafted HTML page. This can compromise the integrity of the system...
Trend Micro Apex One CNTAoSMgr Origin Validation Error Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
Siemens SIPROTEC 4 7SJ66
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...