3976 matches found
CVE-2021-22311
Summary: CVE-2021-22311 affects Huawei ManageOne, specifically versions 8.0.0 and 8.0.1, due to an improper permission assignment vulnerability from weak security hardening. The issue allows a process to run with higher privileges, enabling affected users to perform operations with improper permis...
CVE-2021-22311
There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected product versions include...
UBUNTU-CVE-2019-14828
A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that...
Generated Code Contains Local Information Disclosure Vulnerability
Impact: This vulnerability impacts generated code. If this code was generated as a one-off occasion, not as a part of an automated CI/CD process, this code will remain vulnerable until fixed manually! On Unix-Like systems, the system temporary directory is shared between all local users. When...
DEBIAN-CVE-2021-23954
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...
CVE-2021-23954
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...
Mass Parameter Assignment
openid-connect-server allows mass parameter assignment. The vulnerability allows an attacker to overwrite specific parameters with arbitrary values, which could lead to authorization bypass or other unexpected application behavior...
CVE-2021-27582
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment aka Autobinding vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in...
CVE-2021-27582
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment aka Autobinding vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in...
Authorization
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment aka Autobinding vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in...
CVE-2021-27582
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment aka Autobinding vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in...
CVE-2021-27582
MITREid Connect OpenID Connect server (MITREid Connect) before 1.3.3 is affected by a Mass Assignment (Autobinding) vulnerability in OAuthConfirmationController.java. The issue arises from unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, allowing HTTP request pa...
PT-2021-17521 · Mitre · Mitreid Connect
Name of the Vulnerable Software and Affected Versions: MITREid Connect versions through 1.3.3 Description: The OpenID Connect server implementation for MITREid Connect contains a Mass Assignment vulnerability, also known as Autobinding. This issue arises due to the unsafe usage of the...
The vulnerability of the BLIP protocol analyzer in Wireshark software allows a hacker to trigger a service failure.
The vulnerability of the BLIP protocol analyzer in Wireshark is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Ovarro TBox (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Ovarro Equipment: TBoxLT2 All models, TBox MS-CPU32, TBox MS-CPU32-S2, TBox RM2 All models, TBox TG2 All models --------- Begin Update A Part 1 of 3 --------- Vulnerabilities: Code Injection,...
The vulnerability of Intel Graphics Driver drivers lies in the lack of checking for the value of the pointer before its assignment, which allows a malicious actor to trigger a service failure.
The vulnerability of Intel Graphics Driver drivers is related to the lack of checking for the value of the pointer before it is reassigned. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2020-8029
An Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kubelet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416...
CVE-2020-8029 skuba: Insecure handling of private key
An Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kubelet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416...
CVE-2020-8029
The CVE-2020-8029 entry concerns SUSE CaaS Platform 4.5 where the skuba component permits an Incorrect Permission Assignment for a Critical Resource, enabling local attackers to access the kubelet key. Affected versions are skuba prior to the patch referenced by SUSE’s pull request #1416 (https://...
CVE-2020-26194
Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic...