59 matches found
EUVD-2022-46022
Malicious code in bioql PyPI...
EUVD-2021-9851
Malicious code in bioql PyPI...
EUVD-2024-0595
Malicious code in bioql PyPI...
CVE-2024-31202
A “CWE-732: Incorrect Permission Assignment for Critical Resource” in the ThermoscanIP installation folder allows a local attacker to perform a Local Privilege Escalation...
CVE-2024-31202
CVE-2024-31202 concerns ThermoscanIP. Root cause: CWE-732 — incorrect permission assignment for a critical resource in the ThermoscanIP installation folder. This misconfiguration enables a local attacker with low privileges and no user interaction to achieve Local Privilege Escalation. CVSSv3.1 m...
Rockwell Automation Pavilion 8
1. EXECUTIVE SUMMARY: CVSS v4 8.7. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Rockwell Automation. Equipment: Pavilion 8. Vulnerability: Incorrect Permission Assignment for Critical Resource. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow...
CVE-2023-34042
The spring-security.xsd file inside the spring-security-config jar is world writable, which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical...
Design/Logic Flaw
The spring-security.xsd file inside the spring-security-config jar is world writable, which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical...
CVE-2023-34042
The CVE-2023-34042 issue concerns the Spring Security spring-security-config jar where the spring-security.xsd file is world-writable. This enables a local authenticated attacker to write the file, reflecting CWE-732: Incorrect Permission Assignment for Critical Resource. The connected IBM and OS...
Siemens Spectrum Power 7
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2023-42489
The CVE-2023-42489 entry concerns EisBaer Scada with a root cause of Incorrect Permission Assignment for Critical Resource (CWE-732). Affected software is EisBaer Scada; the vulnerability is tied to misconfigured permissions on critical resources, enabling high-impact exposure (C/H I/H A/H per CV...
Siemens SINEC NMS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Parasolid Installer
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...
Checkmk 2.1.x < 2.1.0p27 Improper Permission Handling Vulnerability
Checkmk is prone to an improper permission handling vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...
Fortinet FortiClient pipe object (FG-IR-22-429)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-429 advisory. - Multiple vulnerabilities including an incorrect permission assignment for critical resource (CWE-732) vulnerability and a...
Race condition
Multiple vulnerabilities including an incorrect permission assignment for critical resource (CWE-732) vulnerability and a time-of-check time-of-use (TOCTOU) race condition (CWE-367) vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...