3950 matches found
CVE-2023-6179 Incorrect Permission assignment to program executable folders
Honeywell ProWatch 4.5, including all Service Pack versions, contains a vulnerability in the Application Server's executable folders. An attacker could potentially exploit this vulnerability, allowing a standard user to achieve arbitrary system code execution. Honeywell recommends updating to the most...
CVE-2023-44350 ColdFusion | Deserialization of Untrusted Data (CWE-502)
Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution. Exploitation of this issue does not require user interaction...
A vulnerability in the NMI component of AAD Pod Identity, the authentication management software for Kubernetes clusters, involves bypassing the verification token and allows attackers to elevate their privileges.
The vulnerability of the NMI component in the Kubernetes AAD Pod Identity authentication management tool is related to errors in token assignment restrictions. Exploiting this vulnerability can allow attackers to increase their privileges...
CVE-2023-5913
Incorrect Privilege Assignment vulnerability in OpenText Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges. This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1...
CVE-2023-5913 A potential Privilege Escalation vulnerability in OpenText Fortify ScanCentral DAST API.
Incorrect Privilege Assignment vulnerability in OpenText Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges. This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1...
CVE-2023-5913
CVE-2023-5913 affects OpenText Fortify ScanCentral DAST. Root cause: Incorrect Privilege Assignment in the DAST API, enabling possible elevated privileges. Affected versions per sources: 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1 (PT-2023-8579 also lists 21.1 through 23.1). Impact: potential pr...
Information disclosure
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file...
CVE-2023-5136 Incorrect Permission Assignment in the TopoGrafix DataPlugin for GPX
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file...
kernel: scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param(). The validity of sock should be checked before assignment to avoid incorrect values. Commit 57569c37f0ad "scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling...
kernel: ASoC: fsl_mqs: move of_node_put() to the correct location
In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_mqs: move of_node_put() to the correct location. of_node_put() should have been done directly after mqs_priv->regmap = syscon_node_to_regmap(gpr_np); otherwise it creates a reference leak on the success path. To fix this, of_node_put() is...
kernel: rxrpc: Make it so that a waiting process can be aborted
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted. When sendmsg() creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2022:5337)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5337 advisory. - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. (CVE-2022-24675) - regexp.Compile ...
Microsoft Azure US Accelerators Synapse SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulnerability to launch a supply-chain attac...
PT-2023-9667 · Cisco · Cisco Unified Contact Center Enterprise +1
Name of the Vulnerable Software and Affected Versions: Cisco Enterprise Chat and Email (ECE) (affected versions not specified). Description: A vulnerability in the External Agent Assignment Service (EAAS) feature could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition ...
PT-2023-8579 · Opentext · Opentext Fortify Scancentral Dast
Name of the Vulnerable Software and Affected Versions: OpenText Fortify ScanCentral DAST versions 21.1 through 23.1. Description: The issue is related to an Incorrect Privilege Assignment vulnerability in OpenText Fortify ScanCentral DAST, which could be exploited to gain elevated privileges. This...
Malicious code in ch-frontend-assignment (npm)
Source: ossf-package-analysis (92c955a3b8b209ddf9f49a5b749724ccfbb0bdd4c9941bb6f327c4b83e193d81). The OpenSSF Package Analysis project identified 'ch-frontend-assignment' @ 0.1.0 (npm) as malicious. It is considered malicious because: - The...
MAL-2023-8437 Malicious code in ch-frontend-assignment (npm)
Source: ossf-package-analysis (92c955a3b8b209ddf9f49a5b749724ccfbb0bdd4c9941bb6f327c4b83e193d81). The OpenSSF Package Analysis project identified 'ch-frontend-assignment' @ 0.1.0 (npm) as malicious. It is considered malicious because: - The...
CVE-2023-42489
EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource...