3983 matches found
Mass Assignment leads to Stored XSS
Description: The application is vulnerable to mass assignment in the User object. A user is able to enable their own account and change their username. The username is not properly sanitized in the admin user overview, leading to a stored XSS attack. Proof of Concept: Steps to reproduce: 1. Log in...
A vulnerability in the Samba network communication software package, related to incorrect privilege assignment, allows an attacker to gain access to confidential data.
This vulnerability in the Samba network communication software package is related to improper assignment of privileges. Exploiting it allows a malicious actor to gain access to confidential data remotely...
A vulnerability in ioport of the QEMU hardware emulation software, related to pointer swapping errors, allows an attacker to trigger a service failure.
This vulnerability in ioport of the QEMU hardware emulation software is related to pointer assignment errors. Exploiting it allows an attacker to trigger a service failure...
A vulnerability in the SCSI am53c974 adapter driver of the QEMU hardware emulation software allows an attacker to cause a service failure.
This vulnerability in the SCSI am53c974 adapter driver of the QEMU hardware emulation software is related to pointer assignment errors. Exploiting it allows an attacker to cause a system failure...
PT-2022-34252 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.211. Description: The issue is related to the assignment of scpi info in the arm scpi firmware. If the probe fails, scpi info should not be assigned. The actual impact and attack plausibility of this issue...
SUSE SLES15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2022:3291-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3291-1 advisory. The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various security and bug fixes. The following security bugs were...
CVE-2022-2332
A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment...
Design/Logic Flaw
A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment...
CVE-2022-2332 Honeywell SoftMaster Incorrect Permission Assignment for Critical Resource
A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment...
CVE-2022-2332
CVE-2022-2332 is tied to Honeywell SoftMaster 4.51 with an incorrect permission assignment (CWE-732) that allows a local unprivileged attacker to escalate to administrator privileges. The vulnerability is documented in several sources (NVD, CVE List, CISA/ICS advisories) and is part of a dual-iss...
CVE-2022-40154
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2022-40153
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage...
UBUNTU-CVE-2022-40153
REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage...
A vulnerability in the MariaDB database, related to pointer assignment errors, allows attackers to cause service failures.
This vulnerability in the MariaDB database lies in pointer assignment errors. Exploiting it allows an attacker to cause service failures...
A vulnerability in the QEMU hardware emulation software, related to pointer swapping errors, allows an attacker to trigger a service failure.
This vulnerability in the QEMU hardware emulation software is related to pointer assignment errors. Exploiting it allows an attacker to trigger a service failure...
A vulnerability in the do_mouse() function of the Vim text editor allows an attacker to compromise the accessibility of the protected information.
This vulnerability in the do_mouse() function of the Vim text editor is related to pointer assignment errors. Exploiting it can allow an attacker to compromise the accessibility of protected information...
Mass Assignment in Self Controller Leads To Vertical Privilege Escalation
Description: Hello there, y'all! How are you doing? Hope you are doing great! I was testing Budibase and noticed that the API endpoint /api/global/self, which is used for different purposes, updating a user's name or their password, always receives an entire object containing most of the attribute...
A vulnerability in the libIEC61850 library, related to pointer assignment errors, allows an attacker to cause a service failure.
This vulnerability in the libIEC61850 library is related to errors in pointer assignment. Exploiting it could allow a malicious actor to cause service failures remotely...
SUSE SLES15 Security Update : kernel (Live Patch 29 for SLE 15 SP2) (SUSE-SU-2022:3088-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3088-1 advisory. This update for the Linux Kernel 5.3.18-15020024126 fixes several issues. The following security issues were fixed: - CVE-2020-36516: Fixed an...