3985 matches found
Design/Logic Flaw
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1...
CVE-2023-0834
The CVE-2023-0834 entry concerns HYPR Workforce Access on macOS with an Incorrect Permission Assignment for a Critical Resource, enabling Privilege Escalation. Affected versions are HYPR Workforce Access 6.12 through prior to 8.1. The issue stems from misassigned permissions on a critical resourc...
CVE-2023-0834
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1...
Code injection
An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then...
CVE-2023-28960 Junos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user to inject files into Docker containers
An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then...
CVE-2023-28960 Junos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user to inject files into Docker containers
An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then...
CVE-2023-28960
CVE-2023-28960 concerns Juniper Networks Junos OS Evolved. The issue is an incorrect permission assignment for a critical resource that lets a local, authenticated, low-privileged user copy potentially malicious files into an existing Docker container on the local system. A follow-on administrato...
CVE-2023-29507 org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors
XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking...
CVE-2022-2445
Rejected reason: Incorrectly assigned CVE. Not a valid issue...
CVE-2022-33269
Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment...
The vulnerability of the /etc/init.d/openfire file in the PBX server of the corporate IP telephony management system CoreDial sipXcom sipXopenfire allows a attacker to escalate their privileges or execute arbitrary commands.
The vulnerability of the /etc/init.d/openfire file in the CoreDial sipXcom sipXopenfire server of the corporate IP-telephony management system is related to improper privilege assignment. Exploiting this vulnerability could allow an attacker to enhance their privileges or execute arbitrary comman...
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in errors during the assignment of permissions to files, allowing a hacker to execute arbitrary code.
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to errors in granting permissions for files. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
Race condition
Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...
CVE-2022-43946
Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...
CVE-2022-43946
Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...
The vulnerability of the Consul and Consul Enterprise service configuration tool, related to pointer assignment errors, allows a malicious actor to trigger an emergency shutdown of the application.
The vulnerability of the Consul and Consul Enterprise service configuration tools is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause an unexpected termination of the application...
FortiClient (Windows) - Improper write access over FortiClient pipe object
Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in FortiClientWindows may allow an attacker on the same file sharing network to execute commands via writin...
Fortinet FortiClientWindows 安全漏洞
Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. Fortinet FortiClientWindows has an...
Employee Task Management System v1.0 - SQL Injection Vulnerability
Exploit Title: Employee Task Management System v1.0 - SQL Injection on task-details.php?taskid=? Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0904 mitre.org, nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Employee Task Management System Version:...
CVE-2022-33269 Integer overflow or wraparound in Core
Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment...