3944 matches found

Snyk
added 2025/07/01 8:40 p.m., 10 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to improper retention of the mstatus.SUM bit, which remains set contrary to privileged specification constraints. An attacker can gain unauthorized access to physical memory by exploiting this improper...

9.1 CVSS, 6.8 AI score, 0.0039 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/06/29 12:6 a.m., 22 views

CVE-2025-45729

D-Link DIR-823-Pro 1.02 has improper permission control, allowing unauthorized users to turn on and access Telnet services...

6.3 CVSS, 6.5 AI score, 0.00331 EPSS
Exploits: 1, References: 1

Snyk
added 2025/06/27 12:31 a.m., 2 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the installation process of the Import Page component in /admin-cp/imports. An attacker can gain unauthorized access to restricted actions or data by exploiting incorrect privilege assignments during...

8.8 CVSS, 7 AI score, 0.00406 EPSS
Exploits: 1, References: 2

Github Security Blog
added 2025/06/27 12:31 a.m., 9 views

JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing certain components

A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be launched remotely. The...

8.8 CVSS, 6.4 AI score, 0.00406 EPSS
Exploits: 1, References: 6, Affected Software: 1

Github Security Blog
added 2025/06/27 12:31 a.m., 12 views

JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing Import Page component

A vulnerability classified as critical has been found in JuzaWeb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to...

8.8 CVSS, 6.3 AI score, 0.00406 EPSS
Exploits: 1, References: 6, Affected Software: 1

OSV
added 2025/06/27 12:31 a.m., 4 views

GHSA-RQ7X-CFMC-RQ3W JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing Import Page component

A vulnerability classified as critical has been found in JuzaWeb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to...

6.3 CVSS, 6.3 AI score, 0.00406 EPSS
Exploits: 1, References: 6

OSV
added 2025/06/27 12:31 a.m., 3 views

GHSA-MRPH-PJV2-34F4 JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing certain components

A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be launched remotely. The...

6.3 CVSS, 6.3 AI score, 0.00406 EPSS
Exploits: 1, References: 6

CNNVD
added 2025/06/26 12:0 a.m., 1 views

GitLab Enterprise Edition Security Vulnerability

GitLab Enterprise Edition (EE) is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition versions prior to 17.11.5, prior to 18.0.3, and prior to 18.1.1, which stems from a bypass of privilege checking and could lead to...

4.3 CVSS, 6.5 AI score, 0.00211 EPSS
Exploits: 0, References: 2

Huntr
added 2025/06/24 5:10 p.m., 6 views

Mass Assignment

Description: Mass assignment is a vulnerability that occurs when an application automatically binds user-provided data (e.g., from JSON via req.query) to internal object properties or database fields without proper filtering. This can allow attackers to manipulate sensitive fields they shouldn’t hav...

7.5 CVSS, 6 AI score, 0.0027 EPSS
Exploits: 1

Positive Technologies
added 2025/06/24 12:0 a.m., 3 views

PT-2025-26744 · Teamviewer · Teamviewer

Name of the Vulnerable Software and Affected Versions: TeamViewer versions prior to 15.67 Description: The issue is related to an incorrect permission assignment for a critical resource in the TeamViewer Client, allowing a local unprivileged user to trigger arbitrary file deletion with SYSTEM...

7 CVSS, 7.5 AI score, 0.00158 EPSS
Exploits: 0, References: 21

OSV
added 2025/06/23 5:15 p.m., 2 views

CVE-2023-47031

An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component...

9.8 CVSS, 5.9 AI score, 0.00642 EPSS
Exploits: 1, References: 3

CNVD
added 2025/06/23 12:0 a.m., 2 views

Apache CloudStack Authorization Issues Vulnerability

Apache CloudStack is a suite of Infrastructure as a Service (IaaS) cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. An authorization issue vulnerability exists in Apache CloudStack...

8.8 CVSS, 7 AI score, 0.00488 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/06/19 6:11 p.m., 30 views

Security Bulletin: IBM Security Guardium is affected by an Incorrect Permission Assignment for Critical Resource vulnerability (CVE-2017-1266)

Summary IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-1266 DESCRIPTION: IBM Security Guardium specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. CVSS Base...

5.5 CVSS, 5.2 AI score, 0.00538 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/06/19 5:35 a.m., 9 views

Security Bulletin: IBM Guardium Data Protection is affected by an Incorrect Permission Assignment for Critical Resource vulnerability (CVE-2025-25023)

Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2025-25023 DESCRIPTION: IBM Security Guardium could allow a privileged user to read any file on the system due to incorrect privilege assignment. CWE:CWE-266: Incorrect Privilege...

4.9 CVSS, 4.9 AI score, 0.00288 EPSS
Exploits: 0, Affected Software: 1

Fedora
added 2025/06/19 2:0 a.m., 5 views

[SECURITY] Fedora 42 Update: kea-2.6.3-1.fc42

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...

7.8 CVSS, 5.5 AI score, 0.00235 EPSS
Exploits: 0

Fedora
added 2025/06/19 1:21 a.m., 4 views

[SECURITY] Fedora 41 Update: kea-2.6.3-1.fc41

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...

7.8 CVSS, 5.5 AI score, 0.00235 EPSS
Exploits: 0

OSV
added 2025/06/18 11:15 a.m., 1 views

UBUNTU-CVE-2022-50132

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() If 'ep' is NULL, result of ep_to_cdns3_ep(ep) is invalid pointer and its dereference with priv_ep->cdns3_dev may cause panic. Found by Linux...

5.5 CVSS, 6 AI score, 0.00155 EPSS
Exploits: 0, References: 7

Cvelist
added 2025/06/18 11:0 a.m., 5 views

CVE-2022-49964 arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level

In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level Though acpi_find_last_cache_level() always returned signed value and the document states it will return any errors caused by lack of a PPTT table, it...

0.00181 EPSS
Exploits: 0, References: 2

Debian CVE
added 2025/06/18 11:0 a.m., 3 views

CVE-2022-49964

In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level Though acpi_find_last_cache_level() always returned signed value and the document states it will return any errors caused by lack of a PPTT table, it...

5.5 CVSS, 5.3 AI score, 0.00181 EPSS
Exploits: 0

Veracode
added 2025/06/17 5:50 a.m., 4 views

Incorrect Privilege Assignment Vulnerability

github.com/hashicorp/nomad is vulnerable to Incorrect Privilege Assignment. The vulnerability is due to a flawed implementation of prefix-based ACL policy lookup, which can cause rules to be incorrectly matched or shadowed, allowing an attacker to bypass intended access restrictions and potential...

8.1 CVSS, 8.1 AI score, 0.00473 EPSS
Exploits: 0, References: 3, Affected Software: 1