321 matches found
PT-2023-21601 · Hashicorp · Hashicorp Consul +1
Name of the Vulnerable Software and Affected Versions: Consul and Consul Enterprise affected versions not specified Description: The issue allows any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the...
CVE-2023-22504
Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature...
Improper access control
Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature...
UBUNTU-CVE-2023-25815
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...
#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services
A container escape vulnerability, combined with accidental 'write' permissions to a private registry, opened a backdoor for Wiz Research to access Alibaba Cloud databases and potentially compromise its services through a supply-chain attack...
ROS-20230412-03
The Consul server vulnerability is related to allowing an authenticated user to use the service: write permissions to start a workflow. Exploitation of the vulnerability could allow an attacker acting remotely to crash the Consul server and client agents...
Sielco Analog FM Transmitter 2.12 Remote Privilege Escalation
Summary Sielco designs and produces FM radio transmitters for professional broadcasting. The in-house laboratory develops standard and customised solutions to meet all needs. Whether digital or analogue, each product is studied to ensure reliability, resistance over time and a high standard of...
PT-2023-21716 · Onesignal · Onesignal
Name of the Vulnerable Software and Affected Versions: OneSignal affected versions not specified Description: The issue concerns a workflow triggered by closed issues, utilizing a GitHub repository token with full write permissions. This allows an attacker to potentially take over the GitHub...
Consul Server Panic when Ingress and API Gateways Configured with Peering Connections
A vulnerability was identified in Consul and Consul Enterprise “Consul” an authenticated user with service:write permissions could trigger a workflow that causes Consul server and client agents to crash under certain circumstances. To exploit this vulnerability, an attacker requires access to an...
CVE-2023-0845
Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5...
IBM Observability with Instana Access Control Error Vulnerability
IBM Observability with Instana is a powerful application performance monitoring solution from International Business Machines IBM that enables faster performance tracking and incident resolution.IBM Observability with Instana suffers from an access control error vulnerability that stems from the...
SUSE CVE-2014-3969
Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors...
SUSE CVE-2018-7689
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions...
SUSE CVE-2019-15621
Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link...
CVE-2022-48023
Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags...
io_uring Same Type Object Reuse Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'iouring Same Type Object Reuse Priv Esc', 'Description' = %q This module exploits a bug in iouring leading to an additional putcred that can be...
Privilege escalation
An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write permissions. This...
CVE-2022-23737 Improper Privilege Management in GitHub Enterprise Server leading to page creation and deletion
An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write permissions. This...
PT-2022-16240 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.7 Description: An improper privilege management issue was identified that allowed users with improper privileges to create or delete pages via the API. To exploit this, an attacker would need to be...
chocolatey Python3 Permission Design Vulnerability
Python is an open source object-oriented programming language. A privilege design vulnerability exists in the Chocolatey Python3 package v3.11.0 and earlier versions, which originates from all users in the Authenticated users group having write access to the subfolder C:\Python311 and all files i...