
3977 matches found

Prion
added 2021/12/20 11:15 p.m., 8 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...

AI score: 7
Exploits: 0
Prion
added 2021/12/20 11:15 p.m., 7 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...

AI score: 7
Exploits: 0
Prion
added 2021/12/20 11:15 p.m., 9 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...

AI score: 7
Exploits: 0
CVE
added 2021/12/20 10:45 p.m., 22 views

CVE-2020-11338

CVE-2020-11338 entry is rejected/not used and does not represent an active vulnerability.

AI score: 6.7
Exploits: 0
Github Security Blog
added 2021/12/20 6:25 p.m., 48 views

Incorrect Permission Assignment for Critical Resource in Singularity

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system e.g. ssh could exploit this vulnerability due to insecure permissions allowing a user to edit files within /run/singularity/instances/sing//. The manipulation of those files ca...

CVSS: 9, AI score: 1.3, EPSS: 0.02127
Exploits: 1, References: 11, Affected Software: 1
OSV
added 2021/12/20 6:25 p.m., 23 views

GHSA-557G-R22W-9WVX Incorrect Permission Assignment for Critical Resource in Singularity

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system e.g. ssh could exploit this vulnerability due to insecure permissions allowing a user to edit files within /run/singularity/instances/sing//. The manipulation of those files ca...

CVSS: 8.8, AI score: 8.7, EPSS: 0.02127
Exploits: 1, References: 10
Japan Vulnerability Notes
added 2021/12/20 12:0 a.m., 44 views

JVN#79798166: Multiple vulnerabilities in GroupSession

GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2021-20874 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N| Base Score: 7.5 CVSS v2|...

CVSS: 7.5, AI score: 7, EPSS: 0.01296
Exploits: 0
GitLab Advisory Database
added 2021/12/16 12:0 a.m., 22 views

Incorrect Permission Assignment for Critical Resource

When ORT (now via atstccfg) generates ipallow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are...

CVSS: 5.8, AI score: 3.1, EPSS: 0.03928
Exploits: 0, References: 6, Affected Software: 1
BDU FSTEC
added 2021/12/16 12:0 a.m., 3 views

The vulnerability of the WS-Security plugin in the gSOAP software development environment allows an attacker to cause a service failure.

The vulnerability of the WS-Security plugin in the gSOAP software development environment is related to errors in pointer assignment during SOAP request processing. Exploiting this vulnerability allows an attacker to cause service failures by sending specially crafted HTTP requests...

CVSS: 7.5, AI score: 7.2, EPSS: 0.03023
Exploits: 1, References: 7, Affected Software: 3
NVD
added 2021/12/09 10:15 a.m., 17 views

CVE-2021-43065

An incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data...

CVSS: 7.8, EPSS: 0.00426
Exploits: 1, References: 2
Prion
added 2021/12/09 10:15 a.m., 11 views

Code injection

An incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data...

CVSS: 7.2, AI score: 7.7, EPSS: 0.00426
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2021/12/09 9:15 a.m., 16 views

CVE-2021-43065

An incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data...

CVSS: 7.8, AI score: 8, EPSS: 0.00426
Exploits: 1, References: 2
CVE
added 2021/12/09 9:15 a.m., 46 views

CVE-2021-43065

CVE-2021-43065 affects Fortinet FortiNAC (versions 9.2.0, 9.1.3 and below, 8.8.9 and below). Root cause: incorrect permission assignment to a critical resource, enabling an attacker with access to sensitive system data to elevate privileges. Public references describe this as improper permissions...

CVSS: 7.8, AI score: 7.7, EPSS: 0.00426
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2021/12/09 9:15 a.m., 10 views

CVE-2021-43065

An incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data...

CVSS: 7.8, AI score: 7, EPSS: 0.00426
Exploits: 1, References: 2
BDU FSTEC
added 2021/12/09 12:0 a.m., 3 views

The vulnerability of the IPPUSB discriver, a traffic analyzer for computer networks by Wireshark, allows a hacker to cause a service failure.

The vulnerability of the IPPUSB discriver and the traffic analyzer for computer networks by Wireshark is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by injecting specially created packets...

CVSS: 7.8, AI score: 6.9, EPSS: 0.03158
Exploits: 1, References: 3, Affected Software: 1
BDU FSTEC
added 2021/12/03 12:0 a.m., 3 views

The vulnerability of the Modbus analyzer component in Wireshark allows a hacker to trigger a service failure.

The vulnerability of the Modbus analyzer component in Wireshark relates to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor to cause service failures by injecting specially created packets...

CVSS: 7.8, AI score: 6.9, EPSS: 0.03239
Exploits: 1, References: 4, Affected Software: 2
BDU FSTEC
added 2021/12/01 12:0 a.m., 4 views

The vulnerability of the Adobe Media Encoder application, related to the swapping of the zero pointer, allows a perpetrator to cause service interruptions.

The vulnerability of the Adobe Media Encoder application relates to the assignment of a zero pointer. Exploiting this vulnerability could allow an attacker to cause service interruptions...

CVSS: 5.5, AI score: 6.6, EPSS: 0.0131
Exploits: 0, References: 3, Affected Software: 1
Packet Storm
added 2021/11/29 12:0 a.m., 536 views

Orangescrum 1.8.0 Privilege Escalation

Exploit Title: orangescrum 1.8.0 - Privilege escalation Authenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/ Version: 1.8.0 Teste...

AI score: 0.6
Exploits: 0
NVD
added 2021/11/24 1:15 a.m., 18 views

CVE-2021-28707

PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have more memory assigne...

CVSS: 8.8, EPSS: 0.00348
Exploits: 0, References: 5
CVE
added 2021/11/23 7:59 p.m., 25 views

CVE-2018-13944

CVE-2018-13944 entry is rejected and not used; it does not represent an active vulnerability.

AI score: 7.3
Exploits: 0