PT-2022-25106 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to T13
Description: The issue is related to improper handling of insufficient permissions in the setSecureFolderPolicy function within the PersonaManagerService. This allows local attackers to set certain setting values...
PT-2022-25093 · Unknown · Nice Catch
Name of the Vulnerable Software and Affected Versions: Nice Catch versions prior to SMR Dec-2022 Release 1
Description: The issue is related to improper access control, allowing physical attackers to access the contents of all toast generated in the application installed in Secure Folder through...
CVE-2022-39912
Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T13 allows local attackers to set some setting value in Secure folder...
CVE-2022-39900
Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder through Nice Catch...
Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks
Withdrawn: This advisory has been withdrawn because it has been found not to be a security issue and withdrawn by its CNA. Please see the message from NVD for more information. This link is maintained to preserve external references.
Original Description: ConcreteCMS v9.1.3 was discovered to b...
Design/Logic Flaw
Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface CLI may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2022-42718
Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface CLI may allow an authenticated user to potentially enable escalation of privilege via local access...
National Instruments LabVIEW Security Vulnerability
National Instruments LabVIEW (NI LabVIEW) is a graphical program compilation platform from National Instruments. A security vulnerability exists in National Instruments LabVIEW that stems from incorrect default permissions in a folder. An attacker could exploit the vulnerability to elevate privileg...
CVE-2022-42718
The CVE-2022-42718 entry concerns NI LabVIEW Command Line Interface (CLI). The root issue is incorrect default permissions in the installation folder, which may allow an authenticated local user to escalate privileges. Impact is a local privilege-escalation risk with high severity (CVE reported w...
CVE-2022-3859
An uncontrolled search path vulnerability exists in Trellix Agent TA for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL ther...
Trellix Agent Code Issue Vulnerability
Trellix Agent is a client component from the US company Trellix (FireEye), Inc. that provides secure communication between McAfee ePolicy Orchestrator (McAfee ePO) and hosted products. A security vulnerability exists in Trellix Agent TA for Windows versions prior to 5.7.8. An attacker could exploit the vulnerability t...
CVE-2022-24441 Code Injection
The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...
PT-2022-24471 · Trellix · Trellix Agent
Name of the Vulnerable Software and Affected Versions: Trellix Agent TA for Windows versions prior to 5.7.8
Description: An uncontrolled search path vulnerability exists in Trellix Agent TA for Windows. This allows an attacker with admin access to elevate their privileges to System by placing a...
CVE-2022-45305
Insecure permissions in Chocolatey Python3 package v3.11.0 and below grant all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder...
CVE-2022-45307
Insecure permissions in Chocolatey PHP package v8.1.12 and below grant all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder...
TemporaryFolder on unix-like systems does not limit access to created files
Vulnerability: PreparedStatement.setText(int, InputStream) and PreparedStatement.setBytea(int, InputStream) will create a temporary file if the InputStream is larger than 51k. Example of vulnerable code (Java): String s = "some very large string greater than 51200 bytes"; PreparedStatement.setInputStream1...
CVE-2022-2791
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC...
Design/Logic Flaw
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC...