| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges. |
| Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. |
| Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. |
| Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. |
| Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions. |
| D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php. |
| Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport. |
| Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin. |
|
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An unauthorized user who knows of an existing topic name could send and receive messages to and from that topic. This includes the ability to send GET/SET configuration commands, reboot commands, and push firmware updates.
|
|
An unauthorized user could be able to read any file on the system, potentially exposing sensitive information.
|
|
An unauthorized user could possibly delete any file on the system.
|
| Econolite EOS versions prior to 3.2.23 lack a password
requirement for gaining “READONLY” access to log files and certain database and
configuration files. One such file contains tables with MD5 hashes and
usernames for all defined users in the control software, including
administrators and technicians.
|
| Akuvox E11 allows direct SIP calls. No access control is enforced by the SIP servers, which could allow an attacker to contact any device within Akuvox to call any other device. |
| In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code. |
| Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server. |
|
The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.
|
|
In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly. |
| MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e for 5 minutes after the confirmation URL sent by e-mail has been opened, and the user did not complete the process by updating their password. A brute-force attack calling account_update.php with increasing user IDs is possible. A successful takeover would grant the attacker full access to the compromised account, including sensitive information and functionalities associated with the account, the extent of which depends on its privileges and the data it has access to. Version 2.26.2 contains a patch for the issue. As a workaround, one may mitigate the risk by reducing the verification token's validity (change the value of the `TOKEN_EXPIRY_AUTHENTICATED` constant in `constants_inc.php`). |
| IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information. |
| Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read. |
