| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
|
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.
|
|
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedure. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser. |
| In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed |
| In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In faceid service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges |
| In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In Ifaa service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In Ifaa service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |