3977 matches found
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...
CVE-2020-11338
CVE-2020-11338 entry is rejected/not used and does not represent an active vulnerability.
Incorrect Permission Assignment for Critical Resource in Singularity
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system e.g. ssh could exploit this vulnerability due to insecure permissions allowing a user to edit files within /run/singularity/instances/sing//. The manipulation of those files ca...
GHSA-557G-R22W-9WVX Incorrect Permission Assignment for Critical Resource in Singularity
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system e.g. ssh could exploit this vulnerability due to insecure permissions allowing a user to edit files within /run/singularity/instances/sing//. The manipulation of those files ca...
JVN#79798166: Multiple vulnerabilities in GroupSession
GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2021-20874 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N| Base Score: 7.5 CVSS v2|...
Incorrect Permission Assignment for Critical Resource
When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are...
The vulnerability of the WS-Security plugin in the gSOAP software development environment allows a attacker to cause a service failure.
The vulnerability of the WS-Security plugin in the gSOAP software development environment is related to errors in pointer assignment during SOAP request processing. Exploiting this vulnerability allows an attacker to cause service failures by sending specially crafted HTTP requests...
CVE-2021-43065
A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data...
Code injection
A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data...
CVE-2021-43065
A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data...
CVE-2021-43065
CVE-2021-43065 affects Fortinet FortiNAC (versions 9.2.0, 9.1.3 and below, 8.8.9 and below). Root cause: incorrect permission assignment to a critical resource, enabling an attacker with access to sensitive system data to elevate privileges. Public references describe this as improper permissions...
CVE-2021-43065
A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data...
The vulnerability of the IPPUSB discriver, a traffic analyzer for computer networks by Wireshark, allows a hacker to cause a service failure.
The vulnerability of the IPPUSB discriver and the traffic analyzer for computer networks by Wireshark is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by injecting specially created packets...
The vulnerability of the Modbus analyzer component in Wireshark allows a hacker to trigger a service failure.
The vulnerability of the Modbus analyzer component in Wireshark relates to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor to cause service failures by injecting specially created packets...
The vulnerability of the Adobe Media Encoder application, related to the swapping of the zero pointer, allows a perpetrator to cause service interruptions.
The vulnerability of the Adobe Media Encoder application relates to the assignment of a zero pointer. Exploiting this vulnerability could allow an attacker to cause service interruptions...
Orangescrum 1.8.0 Privilege Escalation
Exploit Title: orangescrum 1.8.0 - Privilege escalation Authenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/ Version: 1.8.0 Teste...
CVE-2021-28707
PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have more memory assigne...
CVE-2018-13944
CVE-2018-13944 entry is rejected and not used; it does not represent an active vulnerability.