3950 matches found
The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to incorrect privilege assignment, allows attackers to access confidential data.
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to the improper assignment of privileges. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
GHSA-8RJH-3MHM-966Q Apache InLong Incorrect Permission Assignment for Critical Resource Vulnerability
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised ...
Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong 1.7.0 o...
Apache InLong Incorrect Permission Assignment for Critical Resource Vulnerability
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised ...
GHSA-RF76-WHGP-FP56 Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong 1.7.0 o...
Incorrect usage of Comparison Operator (==) instead of Assignment Operator (=) in PartnerManagerFactory
Lines of code Vulnerability details Impact The incorrect usage of comparison operator instead of an assignment operator in addPartner and addVault functions could lead to undesirable behaviour. While the mapping partnerIds and vaultIds are supposed to keep track of the IDs, due to the error, thes...
Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Incorrect Permission Assignment for Critical Resource (CVE-2018-1750)
Summary IBM Security Key Lifecycle Manager specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. In case of Windows operating system, all user accounts with access to the system will have read access to all the...
F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K83284425)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.8.1 / 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K83284425 advisory. - In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before...
The vulnerability of the Routing Protocol Daemon (rpd) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems allows an attacker to cause service interruptions.
The vulnerability of the Routing Protocol Daemon (rpd) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems is related to an unvalidated return value, which leads to the assignment of zero to certain variables. Exploiting this vulnerability can allow an attacker to cause service failur...
IBM Security Directory Suite VA Information Disclosure Vulnerability
IBM Security Directory Suite is a scalable, standards-based identity platform from International Business Machines IBM that simplifies identity and directory management. An information disclosure vulnerability exists in IBM Security Directory Suite VA, which could be exploited by an attacker to...
User who stakes into StRSRVotes doesn't have any voting power
Lines of code Vulnerability details Impact A user who stakes into StRSRVotes doesn't have any voting power. This is not intuitively clear, and a user who thinks that he can vote will actually not be able to until he delegates votes to himself. Proof of Concept StRSRVotes contract extends StRSR which h...
CVE-2023-2918
Rejected reason: Duplicate Assignment...
Design/Logic Flaw
Rejected reason: Duplicate Assignment...
The vulnerability of the gfs2_evict_inode() function in the fs/gfs2/super.c module of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the gfs2_evict_inode() function in the fs/gfs2/super.c module of the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
Siemens SICAM Q200 Privilege Assignment Error Vulnerability
The SICAM Q200 is a multifunctional device for detecting, reporting and analyzing measured values and events. A privilege assignment error vulnerability exists in the Siemens SICAM Q200, which can be exploited by an attacker to impersonate a legitimate application user...
Siemens POWER METER SICAM Security Vulnerability
The SICAM Q200 is a multifunctional device for detecting, reporting and analyzing measured values and events. A privilege assignment error vulnerability exists in the Siemens SICAM Q200, which can be exploited by an attacker to impersonate a legitimate application user...
Incorrect Permission Assignment for Critical Resource
Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile function at /core/io/FileUtil.java...
Siemens SICAM Q200 Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2023-32749
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all...