3975 matches found

Prion
added 2020/06/16 11:15 p.m., 14 views

Authorization

Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization...

CVSS 5.8, AI score 6.5, EPSS 0.00717
Exploits: 0, References: 2, Affected Software: 1
ICS
added 2020/06/02 12:0 a.m., 71 views

ABB System 800xA Base

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: ABB Equipment: System 800xA Base Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and...

CVSS 7.8, AI score 7.5, EPSS 0.00285
Exploits: 0, References: 5
Tenable Nessus
added 2020/05/27 12:0 a.m., 27 views

Rockwellautomation Rslinx Incorrect Permission Assignment for Critical Resource

In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic. File data ot500374.nasl...

CVSS 7.2, AI score 5.1, EPSS 0.00426
Exploits: 0, References: 2
Tenable Nessus
added 2020/05/22 12:0 a.m., 39 views

Eaton Intelligent Power Manager (IPM) < 1.68 Multiple Vulnerabilities

Eaton Intelligent Power Manager IPM v1.67 and prior contain multiple vulnerabilities: - Improper Input Validation on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the...

CVSS 8.8, AI score 7.9, EPSS 0.02147
Exploits: 0, References: 3
ICS
added 2020/05/12 12:0 a.m., 49 views

Eaton Intelligent Power Manager

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Eaton Equipment: Intelligent Power Manager Vulnerabilities: Improper Input Validation, Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

CVSS 8.8, AI score 8.8, EPSS 0.02147
Exploits: 0, References: 5
CNVD
added 2020/05/08 12:0 a.m., 8 views

Eaton Intelligent Power Manager Incorrect Privilege Assignment Vulnerability

Eaton Intelligent Power Manager IPM is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. A security vulnerability exists in Eaton Intelligent Power Manager version 1.67 and earlier. An attacker ca...

CVSS 7.8, AI score 6.8, EPSS 0.00357
Exploits: 0, References: 1
RedhatCVE
added 2020/05/07 7:39 p.m., 28 views

CVE-2020-12690

A flaw was found in Keystone, where it inadvertently provided OAuth1 access tokens to every role assignment the creator had for a project, resulting in giving more permissions and escalated access in role assignments than intended. The greatest impact is on confidentiality...

CVSS 6.5, AI score 3.4, EPSS 0.01896
Exploits: 0, References: 4
NVD
added 2020/05/07 4:15 p.m., 22 views

CVE-2020-6652

Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager IPM v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the...

CVSS 7.8, AI score 7.9, EPSS 0.00357
Exploits: 0, References: 2
OSV
added 2020/05/07 4:15 p.m., 3 views

CVE-2020-6652

Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager IPM v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the...

CVSS 7.8, AI score 5.8, EPSS 0.00357
Exploits: 0, References: 2
Cvelist
added 2020/05/07 3:58 p.m., 37 views

CVE-2020-6652 Incorrect privilege assignment allowing non-admin users to upload config files

Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager IPM v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the...

CVSS 7.8, AI score 7.9, EPSS 0.00357
Exploits: 0, References: 2
CVE
added 2020/05/07 3:58 p.m., 56 views

CVE-2020-6652

CVE-2020-6652 affects Eaton Intelligent Power Manager (IPM) v1.67 and earlier. The vulnerability is an incorrect privilege assignment that lets non-admin users upload system configuration files by sending specially crafted requests, potentially enabling manipulation of configurations with paramet...

CVSS 7.8, AI score 7.8, EPSS 0.00357
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2020/05/07 12:15 a.m., 28 views

CVE-2020-12690

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. Th...

CVSS 8.8, AI score 8.7
Exploits: 0, References: 7
OSV
added 2020/05/07 12:15 a.m., 29 views

PYSEC-2020-54

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. Th...

CVSS 8.8, AI score 2.7, EPSS 0.01896
Exploits: 0, References: 7
Debian CVE
added 2020/05/06 11:43 p.m., 30 views

CVE-2020-12690

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. Th...

CVSS 8.8, AI score 8.2, EPSS 0.01896
Exploits: 0
Virtuozzo
added 2020/04/29 12:0 a.m., 61 views

Product release: Virtuozzo Infrastructure Platform 3.5 Update 3 (3.5.3-18)

This update provides bug fixes and improvements. Vulnerability id: VSTOR-33034 Assigning tier 0 to a cache disk makes no effect. The disk does not receive the "journaltier" parameter and can be used by storage disks of other tiers. Vulnerability id: VSTOR-33032 S3 cluster creation fails with a...

AI score 2.2
Exploits: 0
BDU FSTEC
added 2020/04/10 12:0 a.m., 5 views

The vulnerability of Siemens SINEMA Server software for network management and configuration allows a perpetrator to compromise the confidentiality, integrity, and accessibility of vulnerable systems and basic components.

The vulnerability of Siemens SINEMA Server network management and configuration software is related to incorrect privilege assignment. Exploiting this vulnerability can allow an attacker to remotely compromise the confidentiality, integrity, and accessibility of the vulnerable system and its...

CVSS 9.9, AI score 7.8, EPSS 0.01208
Exploits: 0, References: 4
ICS
added 2020/04/09 12:0 a.m., 57 views

Rockwell Automation RSLinx Classic

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: Rockwell Automation Equipment: RSLinx Classic Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local authenticated...

CVSS 7.8, AI score 7.9, EPSS 0.00426
Exploits: 0, References: 5
NVD
added 2020/04/08 7:15 p.m., 21 views

CVE-2020-1989

An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for...

CVSS 7.8, AI score 7.2, EPSS 0.00254
Exploits: 0, References: 1
Cvelist
added 2020/04/08 6:41 p.m., 24 views

CVE-2020-1989 Global Protect Agent: Incorrect privilege assignment allows local privilege escalation

An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for...

CVSS 7, AI score 7.7, EPSS 0.00254
Exploits: 0, References: 1
Palo Alto Networks
added 2020/04/08 4:0 p.m., 37 views

GlobalProtect App: Incorrect privilege assignment allows local privilege escalation

An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks GlobalProtect App for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks GlobalProtect App for Linux...

CVSS 7.8, AI score 5.4, EPSS 0.00254
Exploits: 0, References: 1