3977 matches found
Design/Logic Flaw
An Incorrect Permission Assignment for Critical Resource vulnerability of a certain file in the filesystem of Junos OS allows a local authenticated attacker to cause routing process daemon RPD to crash and restart, causing a Denial of Service DoS. Repeated actions by the attacker will create a...
Financial loss :: commissionAvailableToRedeem is assigned incorrectly
Handle csanuragjain Vulnerability details Impact This can lead to financial loss where validator will lose the commissionAvailableToRedeem Proof of Concept 1. Navigate to 2. Check the redeemRewards function 3. Let us consider the case where msg.sender == v.address ifmsg.sender == v.address...
AUVESY Versiondog
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: AUVESY Equipment: Versiondog Vulnerabilities: Improper Access Control, Incorrect Permission Assignment for Critical Resource, Use of Hard-coded Cryptographic Key, Out-of-bounds Read, Use After Free,...
Trend Micro Apex One 安全漏洞
Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities. A security vulnerability exists in Trend Micro Apex One that stems from incorrect privilege assignment. The vulnerability can be exploited ...
Juniper Junos OS Vulnerability (JSA11242)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11242 advisory. - An Incorrect Permission Assignment for Critical Resource vulnerability of a certain file in the filesystem of Junos OS allows a local authenticated attacker to cause routi...
Incorrect Privilege Assignment in HashiCorp Vault
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...
GHSA-362V-WG5P-64W2 Incorrect Privilege Assignment in HashiCorp Vault
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...
The vulnerability of the OpenDMARC authentication implementation, related to pointer assignment errors, allows a perpetrator to trigger a service denial.
The vulnerability of the OpenDMARC authentication implementation is related to pointer assignment errors. Exploiting this vulnerability could allow a malicious actor to trigger a service failure remotely...
CVE-2021-24017
An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler...
Tecknodreams SapphireIMS Incorrect Privilege Assignment Vulnerability
Tecknodreams SapphireIMS is an ITIL 2011 certified enterprise class service management system from Tecknodreams India. A security vulnerability exists in Tecknodreams SapphireIMS 40971, where a guest user can change the password of an administrative user by using an insecure object direct referen...
CVE-2021-36365
Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh...
Code injection
Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh...
CVE-2021-36365
Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh...
CVE-2021-36363
Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php...
CVE-2021-36363
Nagios XI prior to 5.8.5 is affected by an Incorrect Permission Assignment in migrate.php. The issue enables improper access control, with CVSS 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8) and CVSS 2.0 base 7.5, indicating high to critical impact over network attack without authentica...
Samba 3.0.25 <= 3.0.25c Vulnerability (CVE-2007-4138)
Incorrect primary group assignment domain users using the rfc2307 or sfu winbind nss info plugin. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
VMware vCenter Server Appliance Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
VMware vCenter Server Appliance Service Lifecycle Manager Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...
McAfee Endpoint Security Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Endpoint Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Security Updates for Microsoft Visual Studio Products (September 2021)
The Microsoft Visual Studio Products are missing a security update. They are, therefore, affected by multiple vulnerabilities: - A permission assignment vulnerability exists in Visual Studio after installing the Game development with C++ and selecting the Unreal Engine Installer workload. The...