PT-2023-22115 · Xcc · Xcc

Name of the Vulnerable Software and Affected Versions: XCC affected versions not specified Description: The issue concerns a scenario where a valid XCC user's local account permissions take precedence over their active directory permissions under specific configurations, potentially leading to a...

GHSA-3H68-WVV6-8R5H Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...

CVE-2020-27488

Loxone Miniserver devices with firmware before 11.1 aka 11.1.9.3 are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices or attackers who are spoofing these devices can continue to use an unauthenticated cloud service for an...

Loxone Miniserver 授权问题漏洞

Loxone Miniserver is a server that provides energy management and monitoring functions for automation of equipment and homes in buildings and houses by Loxone Corporation. Loxone Miniserver version 11.1.9.3 previously had an authorization issue vulnerability that arose from the inability of devic...