CVE-2021-23954

The Mozilla Foundation Security Advisory describes this flaw as: Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A type confusion vulnerability exists in Mozilla Firefox when using the logical assignment operator, which prevents users from uploading files. No details of the vulnerability are provided at this time...

UBUNTU-CVE-2021-23954

Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...

The vulnerability of the io_uring function in the Linux operating system’s kernel allows attackers to increase their privileges.

The vulnerability of the iouring function in the Linux operating system’s kernel is related to privilege assignment errors. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of the nsm DropPrivileges function (from the support/nsm.File.c module in the NFS utilities nfs-utils package) arises from improper assignment of standard privileges. This allows attackers to gain access to confidential data and compromise its integrity.

The vulnerability of the nsm DropPrivileges function from the NFS utility package nfs-utils, file.c section is related to the improper assignment of standard privileges. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to confidential data, compromise its...

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none...

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...

CVE-2020-25507

An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user is instructed to set the system enviroment file with world writable permissions 0777...

Code injection

An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user is instructed to set the system enviroment file with world writable permissions 0777...

CVE-2020-25507

An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user is instructed to set the system enviroment file with world writable permissions 0777...

CVE-2020-25507

CVE-2020-25507 affects TeamworkCloud 18.0–19.0. The installation script incorrectly assigns permissions, enabling a local unprivileged user to write to /etc/environment (0777) and to the twcloud user’s home at /home/twcloud, causing all users (including root) to execute arbitrary code on next log...

Exploit for Incorrect Permission Assignment for Critical Resource in Wftpserver Wing_Ftp_Server

What's this Wing FTP Server 6.2.3 - Privilege Escalation...

D-link DSL-2888A 访问控制错误漏洞

The D-link DSL-2888A is a Unified Services Router from D-link China. An authorization issue vulnerability exists in the D-Link DSL-2888A devices with firmware, which can be exploited by an attacker to assign a static IP address that has been previously used by a valid user...

CVE-2020-7337

Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise VSE prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of...

CVE-2020-7337

CVE-2020-7337 affects McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16, where an incorrect permission assignment for a critical resource enables local administrators to bypass local security protections by manipulating Code Integrity checks tied to Windows Defender Application Control. The...

RUSTSEC-2020-0082 ordered_float:NotNan may contain NaN after panic in assignment operators

After using an assignment operators such as NotNan::addassign, NotNan::mulassign, etc., it was possible for the resulting NotNan value to contain a NaN. This could cause undefined behavior in safe code, because the safe NotNan::cmp method contains internal unsafe code that assumes the value is...