CVE-2023-31315

Improper validation in a model specific register MSR could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution...

CVE-2024-36246

Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

CVE-2024-36246

Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

CVE-2024-36246

CVE-2024-36246 corresponds to a Missing Authorization for coejobhook Command Execution (CWE-862) in Yokogawa Unifier and Unifier Cast. Public sources confirm an Arbitrary Code Execution vector with LocalSystem privileges if exploited. Affected versions include Unifier and Unifier Cast 5.0+ (befor...

CVE-2024-36246

Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

CVE-2024-23847

Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

CVE-2024-23847

Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

CVE-2024-23847

The CVE-2024-23847 issue affects Yokogawa Unifier and Unifier Cast (Unifier 5.0+ and Unifier Cast 5.0+, up to before v5.10.6; unpatched versions). Root cause: Incorrect default permissions (Cast Launcher CWE-276) enabling arbitrary code execution with LocalSystem privileges. Impact: potential ins...

Corel Parallels Desktop 安全漏洞

Parallels Desktop is a virtual machine management software that runs on mac computers and allows users to easily run Windows/Linux operating systems and applications under macOS. A malicious program in quarantine can escape through the virtual machine to execute arbitrary code in the host compute...

Mitsubishi Electric MELSEC-F Series Authentication Error Vulnerability

Mitsubishi Electric MELSEC-F Series is a basic micro PLC with analog and communication function scalability for industrial control equipment from Mitsubishi Electric Mitsubishi Electric, Japan. An authentication error vulnerability exists in the Mitsubishi Electric MELSEC-F Series, which can be...

CVE-2023-28929

Trend Micro Security 2021, 2022, and 2023 Consumer are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started...

Design/Logic Flaw

Trend Micro Security 2021, 2022, and 2023 Consumer are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started...

CVE-2023-28929

Trend Micro Security 2021, 2022, and 2023 Consumer are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started...

CVE-2023-28929

Trend Micro Security 2021, 2022, and 2023 Consumer are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started...

CVE-2023-28399

Incorrect permission assignment for critical resource exists in CONPROSYS HMI System CHS versions prior to 3.5.3. ACL Access Control List is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC whe...

Code injection

Incorrect permission assignment for critical resource exists in CONPROSYS HMI System CHS versions prior to 3.5.3. ACL Access Control List is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC whe...

CVE-2023-28399

Incorrect permission assignment for critical resource exists in CONPROSYS HMI System CHS versions prior to 3.5.3. ACL Access Control List is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC whe...

Interactive `run` permission prompt spoofing via improper ANSI neutralization

Summary Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a opspawnchild or opkill prompt and replace it with any desired text. Details The main entry point comes down to the ability to override what the API control says 40process.js...

CVE-2023-28446 Deno is vulnerable to interactive `run` permission prompt spoofing via improper ANSI neutralization

Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a opspawnchild or opkill prompt and replace it with any desired text. This wor...

Toolgate component path traversal vulnerability in Parallels Desktop for Mac products

Parallels Desktop is a virtual machine management software that runs on mac computers and allows users to easily run Windows/Linux operating systems and applications under macOS. A malicious program in quarantine can escape through the virtual machine to execute arbitrary code in the host compute...