1220 matches found
Privilege escalation
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
CVE-2022-29526
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
CVE-2022-29526
CVE-2022-29526 is a privilege-assignment flaw in Go’s Faccessat path (go1.17.10 and go1.18.2 fixes cited in initial description). The provided connected documents confirm this CVE affects multiple downstream packages (e.g., buildah, podman, cni, containernetworking-plugins, golang, sriov-network-...
CVE-2022-29526
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
CVE-2022-29526
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
Splunk 安全漏洞
Splunk is a suite of data collection and analysis software from Splunk, Inc. The software is primarily used to collect, index, and analyze the data it generates, including data generated by all IT systems and infrastructure physical, virtual machines, and cloud.A resource privilege assignment err...
The vulnerability of the CLI component of the Cisco IOS XE operating system for Cisco Catalyst 9000 Series network devices allows a perpetrator to escalate their privileges or execute arbitrary commands.
The vulnerability of the CLI component of the Cisco IOS XE operating system for Cisco Catalyst 9000 Series network devices is related to privilege assignment errors. Exploiting this vulnerability can allow an attacker to enhance their privileges or execute arbitrary commands...
SUSE SLED15 / SLES15 Security Update : go1.17 (SUSE-SU-2022:1862-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1862-1 advisory. - Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags...
Incorrect Privilege Assignment in Jenkins Script Security Plugin
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts...
GHSA-8R7Q-CVJQ-X353 Incorrect Privilege Assignment in Jinja2
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...
Incorrect Privilege Assignment in Jinja2
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...
GHSA-QJPQ-5PQ3-43RR Incorrect Privilege Assignment in RESTEasy
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform EAP 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and hav...
Incorrect Privilege Assignment in RESTEasy
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform EAP 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and hav...
The vulnerability in the web interface of the Cisco Identity Services Engine, which allows a perpetrator to disclose protected information
The vulnerability of the Cisco Identity Services Engine’s network policy management web interface is related to the improper assignment of privileges. Exploiting this vulnerability could allow a malicious actor to disclose protected information...
CVE-2022-1225
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6...
CVE-2022-1225 Incorrect Privilege Assignment in phpipam/phpipam
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6...
CVE-2022-1225 Incorrect Privilege Assignment in phpipam/phpipam
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6...
CVE-2022-1225
CVE-2022-1225 affects phpIPAM prior to 1.4.6, where an incorrect privilege assignment could allow a normal user to access export endpoints (e.g., generate-xls.php, generate-hosts.php, generate-mysql.php) and leak sensitive data. The connected Huntr entry details real-world paths and impact, indic...
phpIPAM 安全漏洞
phpIPAM is an open source PHP and MySQL based IP address management application IPAM. A security vulnerability exists in versions prior to phpipam 1.4.6 that stems from incorrect privilege assignment in the application...
CVE-2022-20051
In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID: ALPS06219127...