3975 matches found
Adobe Acrobat Pro DC Genuine Software Service Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Genuine Software Service. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
CVE-2019-10394
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts...
ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment
A stack-based buffer overflow was discovered in ImageMagick in the way it writes PNM images due to a misplaced assignment. Applications compiled against ImageMagick libraries that accept untrustworthy images or write PNM images may be vulnerable to this flaw. An attacker could abuse this flaw by...
Unspecified Vulnerability in Apple iOS and iPadOS Safari Components (CNVD-2020-23219)
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Safari is a component of the Safari browser. Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability in the Safari component of Apple iOS prior to...
Dell EMC XtremIO XMS Privilege Assignment Vulnerability
Dell EMC XtremIO XMS is a suite of XtremIO Enterprise Storage Platform management software from Dell USA. A security vulnerability exists in Dell EMC XtremIO XMS prior to version 6.3.0, which stems from an incorrect privilege assignment. A local attacker could exploit the vulnerability to gain ro...
CVE-2020-7916
be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpress_be_teacher URI without any additional permission checks. Therefore, any user can change its...
CVE-2020-7916
Summary: CVE-2020-7916 affects WordPress LearnPress plugin versions 3.2.6.5 and earlier. The flaw resides in be_teacher in class-lp-admin-ajax.php, allowing any registered/authenticated user to call wp-admin/admin-ajax.php?action=learnpress_be_teacher and grant themselves the teacher role without...
CVE-2019-18577
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access...
Design/Logic Flaw
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access...
CVE-2019-18577
Dell EMC XtremIO XMS is affected by a local privilege escalation vulnerability in versions prior to 6.3.0, caused by incorrect permission assignment. A malicious local user with XtremIO xinstall privileges can gain root access. Remediation: upgrade to XtremIO XMS 6.3.0 or later (per cited securit...
ICSA-20-063-02_PHOENIX CONTACT Emalytics Controller ILC
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: Emalytics Controller ILC 2050 BIL Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability...
Printers assigned to users through WEM are not created in ICA, RDP and console sessions
Printers assigned to users through WEM are not created in ICA, RDP and console sessions...
SUSE-SU-2020:0334-1 Security update for xen
This update for xen fixes the following issues: - CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host (bsc#1161181). - CVE-2019-19579: Device quarantine for alternate pci assignment methods (bsc#1157888). - CVE-2019-19581: find_next_bit() issues (bsc#1158003). -...
Exploit for Execution with Unnecessary Privileges in Pyinstaller
PyInstallerPriv...
CVE-2019-3683
In the keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete...
Code injection
In the keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete...
CVE-2019-3683
The CVE-2019-3683 issue affects the keystone-json-assignment package in SUSE Openstack Cloud 8 prior to commit d7888c75505465490250c00cc0ef4bb1af662f9f. The root cause is that every user listed in /etc/keystone/user-project-map.json was granted full member access to every project, enabling these ...
Siemens SINEMA Server
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINEMA Server Vulnerability: Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with a valid session, with...