
3950 matches found

ICS
added 2023/10/10 12:0 a.m. | 76 views

Siemens SINEC NMS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.8 CVSS | 7 AI score | 0.00296 EPSS
Exploits 0 | References 12

Huntr
added 2023/10/09 5:53 a.m. | 18 views

Cross-Site Request Forgery (CSRF) in

Description CSRF led to change permissions of participant in Edit Assignment sessions. Proof of Concept Payload: https://drive.google.com/file/d/1dHY9CS6R4mKM4F0im5n1aUxFamMEjbAa/view?usp=sharing Video PoC: https://drive.google.com/file/d/1AdDFE-qOF-EvVEJzzXKguMfr6ZkXXEx/view?usp=drivelink...

7.2 AI score | 0.00255 EPSS
Exploits 1

Zero Day Initiative
added 2023/10/05 12:0 a.m. | 36 views

Microsoft PC Manager SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on Microsoft PC Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulnerability to launch a supply-chain...

10 CVSS | 7.7 AI score
Exploits 0 | References 1

OSV
added 2023/09/29 12:30 a.m. | 21 views

GHSA-86C6-3G63-5W64 Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability

The Vault and Vault Enterprise "Vault" Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0...

7.6 CVSS | 7.4 AI score | 0.00436 EPSS
Exploits 0 | References 3

ICS
added 2023/09/14 12:0 a.m. | 38 views

Siemens Spectrum Power 7

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

8.2 CVSS | 8.1 AI score | 0.0015 EPSS
Exploits 0 | References 12

OSV
added 2023/09/11 5:15 p.m. | 1 views

UBUNTU-CVE-2023-4881

Rejected reason: CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team...

7.1 CVSS | 6.6 AI score
Exploits 0 | References 27

Positive Technologies
added 2023/09/11 12:0 a.m. | 5 views

PT-2024-14770

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The issue is related to an unintentional integer overflow in the Linux kernel, specifically in the drm/mediatek component. The problem arises from multiplying two variables of different...

5.5 CVSS | 5.8 AI score | 0.00239 EPSS
Exploits 0

Cvelist
added 2023/09/08 8:42 a.m. | 20 views

CVE-2023-4777 Incorrect Permission Assignment on Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier

An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins and to connect to an...

3.1 CVSS | 4.9 AI score | 0.00317 EPSS
Exploits 0 | References 1

Vulnrichment
added 2023/09/08 8:42 a.m. | 11 views

CVE-2023-4777 Incorrect Permission Assignment on Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier

An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins and to connect to an...

3.1 CVSS | 6.5 AI score | 0.00317 EPSS
Exploits 0 | References 1

NVD
added 2023/09/06 5:15 a.m. | 16 views

CVE-2023-32162

Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on...

7.8 CVSS | 7.9 AI score | 0.00392 EPSS
Exploits 0 | References 1

Vulnrichment
added 2023/09/06 4:2 a.m. | 16 views

CVE-2023-32162 Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability

Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on...

7.8 CVSS | 7.2 AI score | 0.00392 EPSS
Exploits 0 | References 1

Cvelist
added 2023/09/06 4:2 a.m. | 28 views

CVE-2023-32162 Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability

Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on...

7.8 CVSS | 8.1 AI score | 0.00392 EPSS
Exploits 0 | References 1

BDU FSTEC
added 2023/09/04 12:0 a.m. | 3 views

The vulnerability of the SICAM TOOLBOX II engineering software allows an intruder to gain access to confidential data and enhance their privileges.

The vulnerability of the SICAM TOOLBOX II engineering software is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data and enhance their privileges...

7.5 CVSS | 7.2 AI score | 0.00155 EPSS
Exploits 0 | References 3 | Affected Software 1

Positive Technologies
added 2023/09/02 12:0 a.m. | 2 views

PT-2023-7877 · Phoenix Contact · Phoenix Contact Multiprog +1

Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK affected versions not specified Description: The issue is related to an Incorrect Permission Assignment for Critical Resource, which allows an unauthenticated remote attacker to...

9.8 CVSS | 9.7 AI score | 0.00879 EPSS
Exploits 0 | References 10

BDU FSTEC
added 2023/08/31 12:0 a.m. | 1 views

The vulnerability of the OPC UA Server software for integration systems and automation devices in industrial applications allows a perpetrator to trigger a service failure.

The vulnerability of the OPC UA Server software for integration systems and automation devices in industrial applications is related to pointer assignment errors. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8 CVSS | 7.2 AI score | 0.00754 EPSS
Exploits 0 | References 3

Prion
added 2023/08/24 11:15 p.m. | 12 views

Design/Logic Flaw

Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run...

6.5 CVSS | 8.6 AI score | 0.00711 EPSS
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2023/08/24 12:0 a.m. | 3 views

Gravitl Netmaker Security Vulnerability

Gravitl Netmaker is a platform for creating and managing fast, secure and dynamic virtual overlay networks using WireGuard from Gravitl USA. For creating and controlling automated virtual networks. A security vulnerability exists in Gravitl Netmaker versions prior to 0.18.6, which stems from a bu...

8.8 CVSS | 7.9 AI score | 0.00711 EPSS
Exploits 0 | References 2

Zero Day Initiative
added 2023/08/24 12:0 a.m. | 13 views

(0Day) LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of LG Simple Editor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product...

7.8 CVSS | 7.2 AI score | 0.0023 EPSS
Exploits 0

Positive Technologies
added 2023/08/24 12:0 a.m. | 5 views

PT-2023-23590

Name of the Vulnerable Software and Affected Versions: Netmaker versions prior to 0.17.1; Netmaker versions 0.18.0 through 0.18.5. Description: A Mass assignment vulnerability was found in Netmaker that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in...

8.8 CVSS | 7.2 AI score | 0.00711 EPSS
Exploits 0 | References 9

NVD
added 2023/08/22 10:15 p.m. | 22 views

CVE-2023-38734

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481...

9.8 CVSS | 7 AI score | 0.00599 EPSS
Exploits 0 | References 2