
3950 matches found

Fortinet
added 2023/04/11 12:0 a.m. · 73 views

FortiClient (Windows) - Improper write access over FortiClient pipe object

Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in FortiClientWindows may allow an attacker on the same file sharing network to execute commands via writin...

CVSS 5.1 · AI score 8.2 · EPSS 0.00701
Exploits 0 · Affected Software 1
BDU FSTEC
added 2023/04/11 12:0 a.m. · 3 views

The vulnerability of the Consul and Consul Enterprise service configuration tool, related to pointer assignment errors, allows a malicious actor to trigger an emergency shutdown of the application.

The vulnerability of the Consul and Consul Enterprise service configuration tools is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause an unexpected termination of the application...

CVSS 6.5 · AI score 6.5 · EPSS 0.01005
Exploits 0 · References 2 · Affected Software 3
CNNVD
added 2023/04/11 12:0 a.m. · 2 views

Fortinet FortiClientWindows Security Vulnerability

Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. Fortinet FortiClientWindows has an...

CVSS 8.1 · AI score 7.4 · EPSS 0.00701
Exploits 0 · References 2
0day.today
added 2023/04/06 12:0 a.m. · 255 views

Employee Task Management System v1.0 - SQL Injection Vulnerability

Exploit Title: Employee Task Management System v1.0 - SQL Injection on task-details.php?taskid=? Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0904 mitre.org, nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Employee Task Management System Version:...

CVSS 8.8 · AI score 8.8 · EPSS 0.01684
Exploits 5
Cvelist
added 2023/04/04 4:46 a.m. · 29 views

CVE-2022-33269 Integer overflow or wraparound in Core

Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment...

CVSS 9.3 · AI score 9.7 · EPSS 0.00116
Exploits 0 · References 1
Positive Technologies
added 2023/04/04 12:0 a.m. · 3 views

PT-2023-13275 · Core · Core

Name of the Vulnerable Software and Affected Versions: Core affected versions not specified Description: The issue is related to memory corruption caused by integer overflow or wraparound in Core during DDR memory assignment. Recommendations: At the moment, there is no information about a newer...

CVSS 9.3 · AI score 7.3 · EPSS 0.00116
Exploits 0 · References 2
Qualys Blog
added 2023/04/03 10:41 p.m. · 44 views

Augment Security Asset Tagging with Custom Assessment and Remediation (CAR)

Security asset tagging provides a flexible and scalable way to organize the assets in your environment based on specific requirements. It enables you to create tags and assign them to your assets, which can improve your cybersecurity maturity and reduce risks for breaches and audit failures. Qual...

AI score 6.4
Exploits 0
Vulnrichment
added 2023/04/03 5:59 p.m. · 6 views

CVE-2022-43773 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled...

CVSS 8.8 · AI score 8.7 · EPSS 0.22179
Exploits 0 · References 1
Cvelist
added 2023/04/03 5:59 p.m. · 27 views

CVE-2022-43773 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled...

CVSS 8.8 · AI score 8.8 · EPSS 0.22179
Exploits 0 · References 1
Positive Technologies
added 2023/04/03 12:0 a.m. · 5 views

PT-2023-2236 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including 8.3.x Description: The issue is related to errors in permission assignment for files, which can allow a remote attacker to execute arbitrary...

CVSS 9 · AI score 8.7 · EPSS 0.22179
Exploits 0 · References 5
ICS
added 2023/03/31 7:7 p.m. · 36 views

RoboDK

1. EXECUTIVE SUMMARY CVSS v3 7.9 ATTENTION: Low attack complexity Vendor: RoboDK Equipment: RoboDK Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges, which could...

CVSS 7.9 · AI score 8.2 · EPSS 0.00183
Exploits 0 · References 5
OSV
added 2023/03/31 11:21 a.m. · 9 views

SUSE-SU-2023:1710-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. - CVE-2022-3523: Fixed a use after free related to device private page handling bsc1204363. - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver bsc1203332. -...

CVSS 7.8 · AI score 8.3 · EPSS 0.02399
Exploits 4 · References 150
Tenable Nessus
added 2023/03/29 12:0 a.m. · 13 views

ABB OPC Server for Incorrect Permission Assignment for Critical Resource (CVE-2021-22284)

Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

CVSS 8.8 · AI score 8.4 · EPSS 0.008
Exploits 0 · References 2
CVE
added 2023/03/28 8:34 p.m. · 51 views

CVE-2023-1516

CVE-2023-1516 affects RoboDK versions 5.5.3 and earlier, due to an insecure permission assignment for critical directories that could let a local user escalate privileges and write to the RoboDK process, enabling code execution. Public sources consistently name RoboDK 5.5.3 and prior as vulnerabl...

CVSS 7.9 · AI score 7.9 · EPSS 0.00183
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/03/28 8:34 p.m. · 26 views

CVE-2023-1516

RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution...

CVSS 7.9 · AI score 8.3 · EPSS 0.00183
Exploits 0 · References 2
BDU FSTEC
added 2023/03/28 12:0 a.m. · 3 views

The vulnerability of the Slapi-nis package for 389 Directory Server allows a hacker to trigger a service failure.

The vulnerability of the Slapi-nis package for 389 Directory Server is related to pointer assignment errors. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 7.8 · AI score 7.1 · EPSS 0.01669
Exploits 0 · References 10 · Affected Software 4
NVD
added 2023/03/27 10:15 p.m. · 6 views

CVE-2022-40569

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none...

AI score 6.5
Exploits 0
GitLab Advisory Database
added 2023/03/27 12:0 a.m. · 18 views

Incorrect Permission Assignment for Critical Resource

Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module...

CVSS 6.5 · AI score 5.9 · EPSS 0.00605
Exploits 1 · References 3 · Affected Software 1
Code423n4
added 2023/03/26 12:0 a.m. · 11 views

Upgraded Q -> 2 from #88 [1679874611177]

Judge has assessed an item in Issue 88 as 2 risk. The relevant finding follows: L-1 Vault assignment in VaultToken can be frontrunned

AI score 7
Exploits 0
OSV
added 2023/03/25 12:15 p.m. · 2 views

CVE-2023-1631

A vulnerability, which was classified as problematic, was found in JiangMin Antivirus 16.2.2022.418. This affects the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has...

CVSS 5.5 · AI score 5.1 · EPSS 0.00349
Exploits 1 · References 4