1220 matches found

Prion
added 2022/06/23 5:15 p.m., 22 views

Privilege escalation

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

CVSS 5, AI score 7.5, EPSS 0.02593
Exploits 1, References 9, Affected Software 2
Cvelist
added 2022/06/22 1:15 p.m., 25 views

CVE-2022-29526

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

AI score 8, EPSS 0.02593
Exploits 1, References 9
CVE
added 2022/06/22 1:15 p.m., 625 views

CVE-2022-29526

CVE-2022-29526 is a privilege-assignment flaw in Go’s Faccessat path (go1.17.10 and go1.18.2 fixes cited in initial description). The provided connected documents confirm this CVE affects multiple downstream packages (e.g., buildah, podman, cni, containernetworking-plugins, golang, sriov-network-...

CVSS 5.3, AI score 8.3, EPSS 0.02593
Exploits 1, References 9, Affected Software 1
Debian CVE
added 2022/06/22 1:15 p.m., 53 views

CVE-2022-29526

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

CVSS 5.3, AI score 8.9, EPSS 0.02593
Exploits 1
AlpineLinux
added 2022/06/22 1:15 p.m., 72 views

CVE-2022-29526

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

CVSS 5.3, AI score 9.1, EPSS 0.02593
Exploits 1
CNNVD
added 2022/06/15 12:0 a.m., 4 views

Splunk Security Vulnerability

Splunk is a suite of data collection and analysis software from Splunk, Inc. The software is primarily used to collect, index, and analyze the data it generates, including data generated by all IT systems and infrastructure (physical, virtual machines, and cloud). A resource privilege assignment err...

CVSS 7.5, AI score 5.6, EPSS 0.01799
Exploits 0, References 6
BDU FSTEC
added 2022/06/02 12:0 a.m., 6 views

The vulnerability of the CLI component of the Cisco IOS XE operating system for Cisco Catalyst 9000 Series network devices allows a perpetrator to escalate their privileges or execute arbitrary commands.

The vulnerability of the CLI component of the Cisco IOS XE operating system for Cisco Catalyst 9000 Series network devices is related to privilege assignment errors. Exploiting this vulnerability can allow an attacker to enhance their privileges or execute arbitrary commands...

CVSS 7.8, AI score 6.8, EPSS 0.00223
Exploits 0, References 2
Tenable Nessus
added 2022/05/28 12:0 a.m., 33 views

SUSE SLED15 / SLES15 Security Update : go1.17 (SUSE-SU-2022:1862-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1862-1 advisory. - Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags...

CVSS 5.3, AI score 7.1, EPSS 0.02593
Exploits 1, References 5
Github Security Blog
added 2022/05/24 4:51 p.m., 31 views

Incorrect Privilege Assignment in Jenkins Script Security Plugin

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts...

CVSS 8.8, AI score 4.2, EPSS 0.025
Exploits 0, References 8, Affected Software 1
OSV
added 2022/05/14 4:4 a.m., 17 views

GHSA-8R7Q-CVJQ-X353 Incorrect Privilege Assignment in Jinja2

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...

CVSS 8.6, AI score 5.8, EPSS 0.00373
Exploits 0, References 14
Github Security Blog
added 2022/05/14 4:4 a.m., 23 views

Incorrect Privilege Assignment in Jinja2

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...

CVSS 4.4, AI score 5.8, EPSS 0.00373
Exploits 0, References 14, Affected Software 1
OSV
added 2022/05/14 1:18 a.m., 35 views

GHSA-QJPQ-5PQ3-43RR Incorrect Privilege Assignment in RESTEasy

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform EAP 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and hav...

CVSS 7.5, AI score 8.7, EPSS 0.04572
Exploits 0, References 13
Github Security Blog
added 2022/05/14 1:18 a.m., 32 views

Incorrect Privilege Assignment in RESTEasy

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform EAP 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and hav...

CVSS 7.5, AI score 9.1, EPSS 0.04572
Exploits 0, References 14, Affected Software 1
BDU FSTEC
added 2022/04/20 12:0 a.m., 8 views

The vulnerability in the web interface of the Cisco Identity Services Engine, which allows a perpetrator to disclose protected information

The vulnerability of the Cisco Identity Services Engine’s network policy management web interface is related to the improper assignment of privileges. Exploiting this vulnerability could allow a malicious actor to disclose protected information...

CVSS 6.8, AI score 6.5, EPSS 0.0097
Exploits 0, References 4, Affected Software 1
NVD
added 2022/04/04 11:15 a.m., 21 views

CVE-2022-1225

Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6...

CVSS 6.5, EPSS 0.01015
Exploits 1, References 2
Cvelist
added 2022/04/04 10:50 a.m., 32 views

CVE-2022-1225 Incorrect Privilege Assignment in phpipam/phpipam

Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6...

CVSS 6.5, AI score 7.3, EPSS 0.01015
Exploits 1, References 2
OSV
added 2022/04/04 10:50 a.m., 22 views

CVE-2022-1225 Incorrect Privilege Assignment in phpipam/phpipam

Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6...

CVSS 6.5, AI score 6.9, EPSS 0.01015
Exploits 1, References 4
CVE
added 2022/04/04 10:50 a.m., 98 views

CVE-2022-1225

CVE-2022-1225 affects phpIPAM prior to 1.4.6, where an incorrect privilege assignment could allow a normal user to access export endpoints (e.g., generate-xls.php, generate-hosts.php, generate-mysql.php) and leak sensitive data. The connected Huntr entry details real-world paths and impact, indic...

CVSS 6.5, AI score 6.5, EPSS 0.01015
Exploits 1, References 2, Affected Software 1
CNNVD
added 2022/04/04 12:0 a.m., 6 views

phpIPAM Security Vulnerability

phpIPAM is an open source PHP and MySQL based IP address management (IPAM) application. A security vulnerability exists in versions prior to phpipam 1.4.6 that stems from incorrect privilege assignment in the application...

CVSS 6.5, AI score 6.8, EPSS 0.01015
Exploits 1, References 3
NVD
added 2022/03/10 5:45 p.m., 24 views

CVE-2022-20051

In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID: ALPS06219127...

CVSS 5.5, EPSS 0.00098
Exploits 0, References 1