Design/Logic Flaw
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0...
Design/Logic Flaw
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised ...
CVE-2023-31453
Apache InLong has a vulnerability CVE-2023-31453: incorrect permission assignment in versions 1.2.0–1.6.0 that allows deleting other users’ subscriptions. The issue is introduced in the access control for subscriptions and is not present in 1.7.0+. Remediation: upgrade to InLong 1.7.0 or cherry-p...
CVE-2023-31453 Apache InLong: IDOR make users can delete others' subscription
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised ...
CVE-2023-31454
CVE-2023-31454 affects Apache InLong versions 1.2.0–1.6.0. The root cause is an Incorrect Permission Assignment for a Critical Resource that allows a remote attacker to bind any cluster, even if not the cluster owner. The impact described is an elevation of privileges within InLong clusters; no e...
Schneider Electric APC Easy UPS Online Incorrect Permission Assignment Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric APC Easy UPS Online. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...
CVE-2021-0080
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none...
GHSA-3P37-3636-Q8WV Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment
Impact: During codegen, the length word of a dynarray is written before the data, which can result in OOB array access in the case where the dynarray is on both the lhs and rhs of an assignment. Here is a minimal example producing the issue (Vyper): `a:DynArray[uint256,3] @external def test -...`
PYSEC-2023-77
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...
PT-2023-23179 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.8 Description: The issue occurs during codegen when the length word of a dynarray is written before the data. This can result in out-of-bounds array access when the dynarray is on both the lhs and rhs of an...
CVE-2022-41771
Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access...
CVE-2022-41699
Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access...
Information disclosure
Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access...
CVE-2022-41771
CVE-2022-41771 concerns Intel® QuickAssist Technology (QAT) drivers for Windows prior to version 1.9.0. The root cause is an incorrect permission assignment for a critical resource, which may allow an authenticated local user to disclose information. The advisory and related listings confirm the...
CVE-2022-41699
Intel QuickAssist Technology (QAT) drivers for Windows prior to version 1.9.0 have an incorrect permission assignment that may allow an authenticated user to escalate privileges via local access. Affected products: Intel QAT drivers for Windows before 1.9.0. Impact, as described by Intel: local p...
CVE-2021-40331
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled. This issue affects Apache Ranger Hive Plugin: from...