3950 matches found
Design/Logic Flaw
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled This issue affects Apache Ranger Hive Plugin: from...
CVE-2021-40331
The CVE-2021-40331 entry describes an Incorrect Permission Assignment for Critical Resource in Apache Ranger Hive Plugin. Affected versions are 2.0.0 through 2.3.0; any user with SELECT privilege on a database can alter Hive table ownership when the plugin is enabled. Root cause is improper privi...
CVE-2021-40331 Permissions problem in the Apache Ranger Hive Plugin
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled This issue affects Apache Ranger Hive Plugin: from...
Zero address pauser assignment
Lines of code Vulnerability details Impact By allowing any address to be assigned as the pauser, the StrategyBase contract leaves itself vulnerable to losing critical functionality that controls token transfers in and out. Assigning a zero address would result in no valid pauser, preventing the...
CVE-2023-0834
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1...
Design/Logic Flaw
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1...
CVE-2023-0834
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1...
CVE-2023-0834
The CVE-2023-0834 entry concerns HYPR Workforce Access on macOS with an Incorrect Permission Assignment for a Critical Resource, enabling Privilege Escalation. Affected versions are HYPR Workforce Access 6.12 through prior to 8.1. The issue stems from misassigned permissions on a critical resourc...
Code injection
An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then...
CVE-2023-28960
CVE-2023-28960 concerns Juniper Networks Junos OS Evolved. The issue is an incorrect permission assignment for a critical resource that lets a local, authenticated, low-privileged user copy potentially malicious files into an existing Docker container on the local system. A follow-on administrato...
CVE-2023-28960 Junos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user to inject files into Docker containers
An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then...
CVE-2023-28960 Junos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user to inject files into Docker containers
An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then...
CVE-2023-29507 org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors
XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking...
CVE-2022-2445
Rejected reason: Incorrectly assigned CVE. Not a valid issue...
CVE-2022-33269
Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment...
The vulnerability of the /etc/init.d/openfire file in the PBX server of the corporate IP telephony management system CoreDial sipXcom sipXopenfire allows a attacker to escalate their privileges or execute arbitrary commands.
The vulnerability of the /etc/init.d/openfire file in the CoreDial sipXcom sipXopenfire server of the corporate IP-telephony management system is related to improper privilege assignment. Exploiting this vulnerability could allow an attacker to enhance their privileges or execute arbitrary comman...
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in errors during the assignment of permissions to files, allowing a hacker to execute arbitrary code.
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to errors in granting permissions for files. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
Race condition
Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...
CVE-2022-43946
Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...
CVE-2022-43946
Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...