3977 matches found

Prion
added 2021/10/19 7:15 p.m. | 19 views

Design/Logic Flaw

An Incorrect Permission Assignment for Critical Resource vulnerability of a certain file in the filesystem of Junos OS allows a local authenticated attacker to cause routing process daemon (RPD) to crash and restart, causing a Denial of Service (DoS). Repeated actions by the attacker will create a...

CVSS 2.1 | AI score 5.3 | EPSS 0.00191
Exploits: 0 | References: 1 | Affected Software: 1

Code423n4
added 2021/10/19 12:0 a.m. | 9 views

Financial loss :: commissionAvailableToRedeem is assigned incorrectly

Handle csanuragjain Vulnerability details Impact This can lead to financial loss where validator will lose the commissionAvailableToRedeem Proof of Concept 1. Navigate to 2. Check the redeemRewards function 3. Let us consider the case where msg.sender == v.address ifmsg.sender == v.address...

AI score 7
Exploits: 0

ICS
added 2021/10/19 12:0 a.m. | 128 views

AUVESY Versiondog

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: AUVESY Equipment: Versiondog Vulnerabilities: Improper Access Control, Incorrect Permission Assignment for Critical Resource, Use of Hard-coded Cryptographic Key, Out-of-bounds Read, Use After Free,...

CVSS 9.8 | AI score 9.1 | EPSS 0.01254
Exploits: 0 | References: 5

CNNVD
added 2021/10/14 12:0 a.m. | 3 views

Trend Micro Apex One Security Vulnerability

Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities. A security vulnerability exists in Trend Micro Apex One that stems from incorrect privilege assignment. The vulnerability can be exploited ...

CVSS 7.8 | AI score 7.4 | EPSS 0.00338
Exploits: 0 | References: 5

Tenable Nessus
added 2021/10/13 12:0 a.m. | 41 views

Juniper Junos OS Vulnerability (JSA11242)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11242 advisory. - An Incorrect Permission Assignment for Critical Resource vulnerability of a certain file in the filesystem of Junos OS allows a local authenticated attacker to cause routi...

CVSS 5.5 | AI score 5.8 | EPSS 0.00191
Exploits: 0 | References: 2

Github Security Blog
added 2021/10/12 6:41 p.m. | 38 views

Incorrect Privilege Assignment in HashiCorp Vault

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...

CVSS 8.1 | AI score 4.2 | EPSS 0.00755
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2021/10/12 6:41 p.m. | 28 views

GHSA-362V-WG5P-64W2 Incorrect Privilege Assignment in HashiCorp Vault

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...

CVSS 8.1 | AI score 7.8 | EPSS 0.00755
Exploits: 0 | References: 4

BDU FSTEC
added 2021/10/05 12:0 a.m. | 3 views

The vulnerability of the OpenDMARC authentication implementation, related to pointer assignment errors, allows a perpetrator to trigger a service denial.

The vulnerability of the OpenDMARC authentication implementation is related to pointer assignment errors. Exploiting this vulnerability could allow a malicious actor to trigger a service failure remotely...

CVSS 7.5 | AI score 7.1 | EPSS 0.02746
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2021/09/30 4:15 p.m. | 16 views

CVE-2021-24017

An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler...

CVSS 5.4 | EPSS 0.00536
Exploits: 0 | References: 1

CNVD
added 2021/09/30 12:0 a.m. | 21 views

Tecknodreams SapphireIMS Incorrect Privilege Assignment Vulnerability

Tecknodreams SapphireIMS is an ITIL 2011 certified enterprise class service management system from Tecknodreams India. A security vulnerability exists in Tecknodreams SapphireIMS 40971, where a guest user can change the password of an administrative user by using an insecure object direct referen...

CVSS 6.5 | AI score 6.5 | EPSS 0.00648
Exploits: 0 | References: 1

NVD
added 2021/09/28 5:15 p.m. | 18 views

CVE-2021-36365

Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh...

CVSS 9.8 | EPSS 0.03675
Exploits: 0 | References: 2

Prion
added 2021/09/28 5:15 p.m. | 22 views

Code injection

Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh...

CVSS 7.5 | AI score 9.4 | EPSS 0.03675
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/09/28 4:53 p.m. | 19 views

CVE-2021-36365

Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh...

AI score 9.8 | EPSS 0.03675
Exploits: 0 | References: 2

Cvelist
added 2021/09/28 4:50 p.m. | 25 views

CVE-2021-36363

Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php...

AI score 9.8 | EPSS 0.03675
Exploits: 0 | References: 2

CVE
added 2021/09/28 4:50 p.m. | 62 views

CVE-2021-36363

Nagios XI prior to 5.8.5 is affected by an Incorrect Permission Assignment in migrate.php. The issue enables improper access control, with CVSS 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8) and CVSS 2.0 base 7.5, indicating high to critical impact over network attack without authentica...

CVSS 9.8 | AI score 9.5 | EPSS 0.03675
Exploits: 0 | References: 2 | Affected Software: 1

OpenVAS
added 2021/09/24 12:0 a.m. | 19 views

Samba 3.0.25 <= 3.0.25c Vulnerability (CVE-2007-4138)

Incorrect primary group assignment domain users using the rfc2307 or sfu winbind nss info plugin. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVSS 6.9 | AI score 6.5 | EPSS 0.00724
Exploits: 1 | References: 1

Zero Day Initiative
added 2021/09/22 12:0 a.m. | 52 views

VMware vCenter Server Appliance Incorrect Permission Assignment Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.8 | AI score 6.3 | EPSS 0.01808
Exploits: 5 | References: 1

Zero Day Initiative
added 2021/09/22 12:0 a.m. | 42 views

VMware vCenter Server Appliance Service Lifecycle Manager Incorrect Permission Assignment Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...

CVSS 7.8 | AI score 5.3 | EPSS 0.01808
Exploits: 5 | References: 1

Zero Day Initiative
added 2021/09/22 12:0 a.m. | 27 views

McAfee Endpoint Security Incorrect Permission Assignment Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Endpoint Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.8 | AI score 5 | EPSS 0.00386
Exploits: 0 | References: 1

Tenable Nessus
added 2021/09/16 12:0 a.m. | 46 views

Security Updates for Microsoft Visual Studio Products (September 2021)

The Microsoft Visual Studio Products are missing a security update. They are, therefore, affected by multiple vulnerabilities: - A permission assignment vulnerability exists in Visual Studio after installing the Game development with C++ and selecting the Unreal Engine Installer workload. The...

CVSS 7.8 | AI score 8.5 | EPSS 0.54171
Exploits: 0 | References: 7