3975 matches found
CVE-2019-11896
A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller SHC before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have...
CVE-2019-11891
A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller SHC before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs physical access to the...
CVE-2019-11893
A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller SHC before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have...
CVE-2019-11896 Incorrect privilege assignment in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC)
A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller SHC before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have...
CVE-2019-11896
CVE-2019-11896 affects the Bosch Smart Home Controller (SHC) via the 3rd-party pairing mechanism prior to version 9.8.907. The root issue is an incorrect privilege assignment that can allow a restricted app to acquire default app permissions after a successful app pairing, which requires user int...
CVE-2019-11893 Incorrect privilege assignment in the app permission update API of the Bosch Smart Home Controller (SHC)
A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller SHC before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have...
CVE-2019-11893
The CVE-2019-11893 entry describes an incorrect privilege assignment vulnerability in the Bosch Smart Home Controller (SHC) app permission update API. Affected product: Bosch SHC prior to version 9.8.905. Vulnerable component: the app permission update API where privilege assignments can be misap...
CVE-2019-11891 Incorrect privilege assignment in the app pairing mechanism of the Bosch Smart Home Controller (SHC)
A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller SHC before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs physical access to the...
CVE-2019-11891
CVE-2019-11891 affects the Bosch Smart Home Controller (SHC) prior to version 9.8.905, with an incorrect privilege assignment in the app pairing mechanism that can lead to elevated privileges. Exploitation requires physical access to the SHC. The issue is described with a high-severity impact ( c...
The Number of vCPUs Assigned To A Guest Causes VIFs To Go Offline
Increasing the number of vCPUs assigned to a VM will reduce the number of available VIFs. For instance, 10 vCPUs will have 7 active VIFs but 12 vCPUs will only allow 6 active VIFs...
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment
macOS 10.14.5 / iOS 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register While fuzzing JavaScriptCore, I encountered the following JavaScript program which crashes jsc from current HEAD git commit 3c46422e45fef2de6ff13b66cd45705d63859555 in debug and release builds...
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
While fuzzing JavaScriptCore, I encountered the following JavaScript program which crashes jsc from current HEAD git commit 3c46422e45fef2de6ff13b66cd45705d63859555 in debug and release builds ./Tools/Scripts/build-jsc --jsc-only --debug or --release: // Run with --useConcurrentJIT=false...
DRUPAL-CONTRIB-2019-048
This module enables you to use special routes for user registration with special roles and custom field sets defined for the role. The module doesn't sufficiently check which user roles can be registered under the scenario when the user tries to register the user with the administrator role. This...
Rockwell Automation/Allen-Bradley Multiple Devices Denial of Service
Binary data 720096.prm...
The vulnerability of the virJSONValueObjectHasKey function in the Libvirt management library allows an attacker to trigger a service failure.
The vulnerability of the virJSONValueObjectHasKey function in the Libvirt virtualization management library arises from the assignment of a null pointer. Exploiting this vulnerability could allow a malicious actor to cause a service failure remotely...
CVE-2018-4073
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. In the binary, the endpoint /cgi-bin/EmbededAceTLSetTask.cgi is a very similar endpoint that is designed for use with setting table values th...
CVE-2018-4072
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSetTask.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. Thi...
Design/Logic Flaw
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. In the binary, the endpoint /cgi-bin/EmbededAceTLSetTask.cgi is a very similar endpoint that is designed for use with setting table values th...
Design/Logic Flaw
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSetTask.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. Thi...
CVE-2018-4073
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. In the binary, the endpoint /cgi-bin/EmbededAceTLSetTask.cgi is a very similar endpoint that is designed for use with setting table values th...