3978 matches found

Cvelist
added 2022/03/16 10:5 a.m. · 20 views

CVE-2022-21946 sudoers configuration for cscreen not restrictive enough

An Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen session. This issue affects: openSUSE Factory...

5.3 CVSS · 5.7 AI score · 0.00256 EPSS
Exploits 1 · References 1
CVE
added 2022/03/16 10:5 a.m. · 116 views

CVE-2022-21946

CVE-2022-21946 is a local privilege vulnerability in openSUSE Factory cscreen caused by an incorrect permission assignment in the sudoers configuration, letting any local user gain tty and dialout group privileges and manipulate running cscreen sessions. Affected: cscreen versions 1.2–1.3 and ear...

5.3 CVSS · 5.6 AI score · 0.00256 EPSS
Exploits 1 · References 1 · Affected Software 1
OSV
added 2022/03/10 5:45 p.m. · 2 views

CVE-2022-20051

In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID: ALPS06219127...

5.5 CVSS · 6.2 AI score
Exploits 0 · References 1
ATTACKERKB
added 2022/03/10 5:45 p.m. · 4 views

CVE-2022-20051

In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID: ALPS06219127...

5.5 CVSS · 6.2 AI score · 0.00098 EPSS
Exploits 0 · References 2
NVD
added 2022/03/10 5:45 p.m. · 20 views

CVE-2022-20051

In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID: ALPS06219127...

5.5 CVSS · 0.00098 EPSS
Exploits 0 · References 1
Prion
added 2022/03/10 5:45 p.m. · 20 views

Privilege escalation

In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID: ALPS06219127...

2.1 CVSS · 5.5 AI score · 0.00098 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/03/09 5:2 p.m. · 28 views

CVE-2022-20051

In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID: ALPS06219127...

5.7 AI score · 0.00098 EPSS
Exploits 0 · References 1
CVE
added 2022/03/09 5:2 p.m. · 100 views

CVE-2022-20051

CVE-2022-20051 affects the ims service and is linked to incorrect privilege assignment that can cause unexpected application behavior and local denial of service without requiring user interaction or additional privileges. The vulnerability is mitigated by patch ALPS06219127 (Issue ALPS06219127);...

5.5 CVSS · 5.4 AI score · 0.00098 EPSS
Exploits 0 · References 1 · Affected Software 1
NVD
added 2022/03/07 12:15 p.m. · 17 views

CVE-2021-4199

Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issu...

7.8 CVSS · 0.00758 EPSS
Exploits 0 · References 2
Prion
added 2022/03/07 12:15 p.m. · 27 views

Code injection

Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issu...

7.2 CVSS · 7.6 AI score · 0.00758 EPSS
Exploits 0 · References 2 · Affected Software 4
NVD
added 2022/02/28 9:15 a.m. · 16 views

CVE-2021-24977

The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to send arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the...

6.1 CVSS · 0.01469 EPSS
Exploits 2 · References 1
Positive Technologies
added 2022/02/28 12:0 a.m. · 3 views

PT-2022-9543 · WordPress · Use Any Font | Custom Font Uploader

Name of the Vulnerable Software and Affected Versions: Use Any Font | Custom Font Uploader WordPress plugin versions prior to 6.2.1 Description: The issue allows unauthenticated users to send arbitrary CSS, which will be processed by the frontend for all users. This is due to the lack of...

6.1 CVSS · 6 AI score · 0.01469 EPSS
Exploits 2 · References 3
NVD
added 2022/02/26 4:15 a.m. · 28 views

CVE-2020-36516

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session...

5.9 CVSS · 0.00678 EPSS
Exploits 0 · References 2
UbuntuCve
added 2022/02/26 4:15 a.m. · 41 views

CVE-2020-36516

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session...

5.9 CVSS · 6.7 AI score · 0.00678 EPSS
Exploits 0 · References 5
Prion
added 2022/02/26 4:15 a.m. · 37 views

Design/Logic Flaw

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session...

4.9 CVSS · 5.9 AI score · 0.00678 EPSS
Exploits 0 · References 2 · Affected Software 2
CVE
added 2022/02/26 3:14 a.m. · 299 views

CVE-2020-36516

CVE-2020-36516: Linux kernel (through 5.16.11) contains a flaw in the mixed IPID assignment method with a hash-based IPID policy that allows an off-path attacker to inject data into or terminate a victim’s TCP session. The issue affects the kernel’s TCP/IP handling and is documented in multiple ...

5.9 CVSS · 6.2 AI score · 0.00678 EPSS
Exploits 0 · References 2 · Affected Software 1
Debian CVE
added 2022/02/26 3:14 a.m. · 57 views

CVE-2020-36516

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session...

5.9 CVSS · 6.7 AI score · 0.00678 EPSS
Exploits 0
Cvelist
added 2022/02/24 12:0 a.m. · 30 views

CVE-2022-21824

Due to the formatting logic of the "console.table" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has...

8.4 AI score · 0.21514 EPSS
Exploits 0 · References 8
Hacker One
added 2022/02/17 10:31 p.m. · 22 views

GitHub Security Lab: CPP: Add query for CWE-266 Incorrect Privilege Assignment

This bug was reported directly to GitHub Security Lab...

2.2 AI score
Exploits 0
OSV
added 2022/02/09 12:57 a.m. · 22 views

GHSA-72J4-94RX-CR6W Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak

A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions...

4.9 CVSS · 5 AI score · 0.01641 EPSS
Exploits 0 · References 2