Lucene search

3985 matches found

Prion
added 2023/04/28 3:15 p.m., 13 views

Design/Logic Flaw

Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on macOS allows Privilege Escalation. This issue affects Workforce Access: from 6.12 before 8.1...

CVSS 7.5, AI score 9.5, EPSS 0.00319
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2023/04/28 2:54 p.m., 43 views

CVE-2023-0834

The CVE-2023-0834 entry concerns HYPR Workforce Access on macOS with an Incorrect Permission Assignment for a Critical Resource, enabling Privilege Escalation. Affected versions are HYPR Workforce Access 6.12 through prior to 8.1. The issue stems from misassigned permissions on a critical resourc...

CVSS 9.8, AI score 9.4, EPSS 0.00319
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/04/28 2:54 p.m., 22 views

CVE-2023-0834

Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on macOS allows Privilege Escalation. This issue affects Workforce Access: from 6.12 before 8.1...

CVSS 7, AI score 9.7, EPSS 0.00319
Exploits: 0, References: 1

Prion
added 2023/04/17 10:15 p.m., 31 views

Code injection

An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then...

CVSS 4.1, AI score 7.9, EPSS 0.00167
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2023/04/17 12:00 a.m., 10 views

CVE-2023-28960 Junos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user to inject files into Docker containers

An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then...

CVSS 8.2, AI score 8, EPSS 0.00167
Exploits: 0, References: 1

Cvelist
added 2023/04/17 12:00 a.m., 23 views

CVE-2023-28960 Junos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user to inject files into Docker containers

An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then...

CVSS 8.2, AI score 8.2, EPSS 0.00167
Exploits: 0, References: 1

CVE
added 2023/04/17 12:00 a.m., 54 views

CVE-2023-28960

CVE-2023-28960 concerns Juniper Networks Junos OS Evolved. The issue is an incorrect permission assignment for a critical resource that lets a local, authenticated, low-privileged user copy potentially malicious files into an existing Docker container on the local system. A follow-on administrato...

CVSS 8.2, AI score 8, EPSS 0.00167
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2023/04/16 6:52 a.m., 8 views

CVE-2023-29507 org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors

XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking...

CVSS 9.1, AI score 9.2, EPSS 0.00899
Exploits: 0, References: 3

NVD
added 2023/04/13 7:15 p.m., 9 views

CVE-2022-2445

Rejected reason: Incorrectly assigned CVE. Not a valid issue...

AI score 6.5
Exploits: 0

NVD
added 2023/04/13 7:15 a.m., 16 views

CVE-2022-33269

Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment...

CVSS 9.3, AI score 9.6, EPSS 0.00116
Exploits: 0, References: 1

BDU FSTEC
added 2023/04/13 12:00 a.m., 5 views

The vulnerability of the /etc/init.d/openfire file in the PBX server of the corporate IP telephony management system CoreDial sipXcom sipXopenfire allows an attacker to escalate their privileges or execute arbitrary commands.

The vulnerability of the /etc/init.d/openfire file in the CoreDial sipXcom sipXopenfire server of the corporate IP-telephony management system is related to improper privilege assignment. Exploiting this vulnerability could allow an attacker to enhance their privileges or execute arbitrary comman...

CVSS 9, AI score 7.9, EPSS 0.02501
Exploits: 3, References: 3, Affected Software: 1

BDU FSTEC
added 2023/04/12 12:00 a.m., 7 views

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in errors during the assignment of permissions to files, allowing a hacker to execute arbitrary code.

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to errors in granting permissions for files. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

CVSS 9, AI score 8, EPSS 0.22179
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2023/04/11 5:15 p.m., 147 views

Race condition

Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...

CVSS 5.1, AI score 8.3, EPSS 0.00701
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2023/04/11 4:06 p.m., 11 views

CVE-2022-43946

Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...

CVSS 7.5, AI score 7.5, EPSS 0.00701
Exploits: 0, References: 1

Cvelist
added 2023/04/11 4:06 p.m., 31 views

CVE-2022-43946

Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...

CVSS 7.5, AI score 8.6, EPSS 0.00701
Exploits: 0, References: 1

BDU FSTEC
added 2023/04/11 12:00 a.m., 6 views

The vulnerability of the Consul and Consul Enterprise service configuration tool, related to pointer assignment errors, allows a malicious actor to trigger an emergency shutdown of the application.

The vulnerability of the Consul and Consul Enterprise service configuration tools is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause an unexpected termination of the application...

CVSS 6.5, AI score 6.5, EPSS 0.01005
Exploits: 0, References: 2, Affected Software: 3

Fortinet
added 2023/04/11 12:00 a.m., 76 views

FortiClient (Windows) - Improper write access over FortiClient pipe object

Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in FortiClientWindows may allow an attacker on the same file sharing network to execute commands via writin...

CVSS 5.1, AI score 8.2, EPSS 0.00701
Exploits: 0, Affected Software: 1

CNNVD
added 2023/04/11 12:00 a.m., 3 views

Fortinet FortiClientWindows Security Vulnerability

Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. Fortinet FortiClientWindows has an...

CVSS 8.1, AI score 7.4, EPSS 0.00701
Exploits: 0, References: 2

0day.today
added 2023/04/06 12:00 a.m., 255 views

Employee Task Management System v1.0 - SQL Injection Vulnerability

Exploit Title: Employee Task Management System v1.0 - SQL Injection on task-details.php?taskid=? Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0904 mitre.org, nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Employee Task Management System Version:...

CVSS 8.8, AI score 8.8, EPSS 0.01684
Exploits: 5

Cvelist
added 2023/04/04 4:46 a.m., 29 views

CVE-2022-33269 Integer overflow or wraparound in Core

Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment...

CVSS 9.3, AI score 9.7, EPSS 0.00116
Exploits: 0, References: 1