Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-22042 | 2024-02-13 | N/A | 7.8 HIGH | ||
A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack. | |||||
CVE-2023-20136 | 1 Cisco | 1 Secure Workload | 2024-01-25 | N/A | 6.5 MEDIUM |
A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper role-based access control (RBAC) of certain OpenAPI operations. An attacker could exploit this vulnerability by issuing a crafted OpenAPI function call with valid credentials. A successful exploit could allow the attacker to execute OpenAPI operations that are reserved for the Administrator user, including the creation and deletion of user labels. | |||||
CVE-2022-20965 | 1 Cisco | 1 Identity Services Engine | 2024-01-25 | N/A | 5.4 MEDIUM |
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface. This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. An attacker could exploit this vulnerability by accessing features through direct requests, bypassing checks within the application. A successful exploit could allow the attacker to take privileged actions within the web-based management interface that should be otherwise restricted. {{value}} ["%7b%7bvalue%7d%7d"])}]] | |||||
CVE-2022-20956 | 1 Cisco | 1 Identity Services Engine | 2024-01-25 | N/A | 8.8 HIGH |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to. Cisco plans to release software updates that address this vulnerability. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx"] | |||||
CVE-2022-4805 | 1 Usememos | 1 Memos | 2023-12-10 | N/A | 4.3 MEDIUM |
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4796 | 1 Usememos | 1 Memos | 2023-12-10 | N/A | 8.1 HIGH |
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-24821 | 1 Xwiki | 1 Xwiki | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allow anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There's no easy workaround for this issue, administrators should upgrade their wiki. |