Page 31 of 3049 results (0.083 seconds)

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0

An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2 • CWE-20: Improper Input Validation •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190 • CWE-346: Origin Validation Error •

CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0

Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass. • https://cert-portal.siemens.com/productcert/html/ssa-857368.html • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass. • https://cert-portal.siemens.com/productcert/html/ssa-857368.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.3EPSS: 0%CPEs: 10EXPL: 0

Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass. • https://cert-portal.siemens.com/productcert/html/ssa-857368.html • CWE-312: Cleartext Storage of Sensitive Information •