3950 matches found

Positive Technologies
added 2023/12/28 12:0 a.m. · 4 views

PT-2023-31827 · Huawei · Honor

Name of the Vulnerable Software and Affected Versions: Honor products (affected versions not specified). Description: The issue is related to incorrect privilege assignment, which could lead to device service exceptions if successfully exploited. Recommendations: At the moment, there is no informati...

CVSS 7 · AI score 5.3 · EPSS 0.00147
Exploits 0 · References 7

Positive Technologies
added 2023/12/28 12:0 a.m. · 3 views

PT-2023-18935

Name of the Vulnerable Software and Affected Versions: Honor products (affected versions not specified). Description: The issue is related to incorrect privilege assignment, which could lead to device service exceptions if successfully exploited. Recommendations: At the moment, there is no information...

CVSS 7.5 · AI score 7.2 · EPSS 0.00305
Exploits 0 · References 6

Positive Technologies
added 2023/12/28 12:0 a.m. · 4 views

PT-2023-18934

Name of the Vulnerable Software and Affected Versions: Honor products (affected versions not specified). Description: The issue is related to incorrect privilege assignment, which could lead to device service exceptions if successfully exploited. Recommendations: At the moment, there is no information...

CVSS 7.5 · AI score 7.2 · EPSS 0.00341
Exploits 0 · References 6

Zero Day Initiative
added 2023/12/20 12:0 a.m. · 15 views

(0Day) Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the produc...

CVSS 7.8 · AI score 7.5 · EPSS 0.00234
Exploits 0

NVD
added 2023/12/14 2:15 p.m. · 17 views

CVE-2023-0757

Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device...

CVSS 9.8 · EPSS 0.00879
Exploits 0 · References 1

NVD
added 2023/12/14 2:15 p.m. · 14 views

CVE-2023-46141

Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allows a remote unauthenticated attacker to gain full access of the affected device...

CVSS 9.8 · EPSS 0.00879
Exploits 0 · References 1

Prion
added 2023/12/14 2:15 p.m. · 15 views

Code injection

Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allows a remote unauthenticated attacker to gain full access of the affected device...

CVSS 7.5 · AI score 7.7 · EPSS 0.00879
Exploits 0 · References 1

Cvelist
added 2023/12/14 2:5 p.m. · 25 views

CVE-2023-46142 PHOENIX CONTACT: Insufficient Read and Write Protection to Logic and Runtime Data in PLCnext Control

An incorrect permission assignment for critical resource vulnerability in PLCnext products allows a remote attacker with low privileges to gain full access on the affected devices...

CVSS 8.8 · AI score 9 · EPSS 0.00745
Exploits 0 · References 1

CVE
added 2023/12/14 2:5 p.m. · 33 views

CVE-2023-46142

CVE-2023-46142 concerns Phoenix Contact PLCnext Control devices. The issue is an incorrect permission assignment for critical resources that could let a remote attacker with low privileges gain full control of the affected devices. Public sources in the provided documents consistently identify PL...

CVSS 8.8 · AI score 8.9 · EPSS 0.00745
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/12/14 2:5 p.m. · 12 views

CVE-2023-46141 Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource

Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allows a remote unauthenticated attacker to gain full access of the affected device...

CVSS 9.8 · AI score 9.9 · EPSS 0.00879
Exploits 0 · References 1

CVE
added 2023/12/14 2:5 p.m. · 46 views

CVE-2023-46141

CVE-2023-46141 affects Phoenix Contact Automation Worx and classic line controllers. The issue is an incorrect permission assignment for a critical resource that can be exploited remotely by an unauthenticated attacker to gain full control of the affected device. Affects multiple products in the ...

CVSS 9.8 · AI score 9.8 · EPSS 0.00879
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/12/14 2:4 p.m. · 29 views

CVE-2023-0757

CVE-2023-0757 affects Phoenix Contact Multiprog and ProConOS eCLR (SDK). Description: an incorrect permission assignment for a critical resource allows an unauthenticated, remote attacker to upload arbitrary malicious code and gain full control of the affected device. Exploitation details or in‑t...

CVSS 9.8 · AI score 9.8 · EPSS 0.00879
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/12/14 2:4 p.m. · 24 views

CVE-2023-0757 Phoenix Contact ProConOS prone to Incorrect Permission Assignment for Critical Resource

Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device...

CVSS 9.8 · AI score 9.9 · EPSS 0.00879
Exploits 0 · References 1

ICS
added 2023/12/12 12:0 a.m. · 27 views

Siemens SCALANCE and RUGGEDCOM M-800/S615 Family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 8.8 · AI score 8 · EPSS 0.00427
Exploits 0 · References 10

BDU FSTEC
added 2023/12/04 12:0 a.m. · 4 views

The vulnerability of Adobe InDesign’s computer layout automation tool, related to pointer naming errors, allows attackers to trigger a service failure.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 5.9 · EPSS 0.00313
Exploits 0 · References 2 · Affected Software 1

GitLab Advisory Database
added 2023/12/03 12:0 a.m. · 17 views

Incorrect Permission Assignment for Critical Resource

In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions...

CVSS 9.1 · AI score 6.9 · EPSS 0.00867
Exploits 0 · References 5 · Affected Software 1

BDU FSTEC
added 2023/12/01 12:0 a.m. · 3 views

The vulnerability of the graphics driver of Intel microprogramming software allows a hacker to trigger a service failure.

The vulnerability of the graphics driver of Intel microprogramming systems is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to cause a system failure...

CVSS 6.1 · AI score 5.9 · EPSS 0.00206
Exploits 0 · References 2 · Affected Software 2

BDU FSTEC
added 2023/11/22 12:0 a.m. · 4 views

The vulnerability of the MySQL Server component of the Oracle MySQL database management system, related to improper privilege assignment, allows attackers to execute DoS attacks.

The vulnerability of the MySQL Server component of the Oracle MySQL database management system is related to the improper assignment of privileges. Exploiting this vulnerability allows a malicious actor to carry out a Denial-of-Service (DoS) attack remotely...

CVSS 6.1 · AI score 6.2 · EPSS 0.02119
Exploits 0 · References 5 · Affected Software 3

Tenable Nessus
added 2023/11/19 12:0 a.m. · 23 views

CBL Mariner 2.0 Security Update: azcopy / cni / containernetworking-plugins / cri-o / git-lfs / golang / kata-containers (CVE-2022-29526)

The version of azcopy / cni / containernetworking-plugins / cri-o / git-lfs / golang / kata-containers installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-29526 advisory. - Go before 1.17.10 and 1.18....

CVSS 5.3 · AI score 7 · EPSS 0.02593
Exploits 1 · References 2

Vulnrichment
added 2023/11/17 5:3 p.m. · 10 views

CVE-2023-6179 Incorrect Permission assignment to program executable folders

Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folders. An attacker could potentially exploit this vulnerability, leading to a standard user to have arbitrary system code execution. Honeywell recommends updating to the most...

CVSS 7.8 · AI score 7.5 · EPSS 0.00195
Exploits 0 · References 2