3965 matches found
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...
Amazon Linux 2023 : compat-golang-github-cpuguy83-md2man-2-devel, golang-github-cpuguy83-md2man, golang-github-cpuguy83-md2man-devel (ALAS2023-2023-047)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-047 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-048)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-048 advisory. A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. CVE-2021-33196 A...
Amazon Linux 2023 : golist (ALAS2023-2023-046)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-046 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...
CVE-2023-28426
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: GHSA-xrqq-wqh4-5hg2. Reason: Further investigation showed that this CVE was assigned in error. Notes: See https://github.com/darylldoyle/svg-sanitizer/issues/88 for a technical discussion...
CVE-2023-28426
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: GHSA-xrqq-wqh4-5hg2. Reason: Further investigation showed that this CVE was assigned in error. Notes: See https://github.com/darylldoyle/svg-sanitizer/issues/88 for a technical discussion...
A vulnerability in the `tegra_xusb_find_port_node()` function (drivers/phy/tegra/xusb.c) of the NVIDIA Tegra XUSB driver for Linux operating systems allows an attacker to cause a service failure.
The vulnerability in the NVIDIA Tegra XUSB pad driver stems from pointer assignment errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2023-27310
Siemens RUGGEDCOM CROSSBOW (all versions prior to V5.2) contains a missing-authorization vulnerability in the client query handler: when assigning groups to user accounts, it does not properly enforce permissions, potentially allowing an authenticated remote attacker to elevate privileges by addi...
CVE-2018-3651
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none...
Huawei HiLink AI Life Authorization Issue Vulnerability
Huawei HiLink AI Life is a whole-house smart solution from China's Huawei. Huawei HiLink AI Life suffers from an authorization issue vulnerability, which stems from a permission assignment error in the software and can be exploited by an attacker to access restricted functionality...
CVE-2023-22738
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organization is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain...
CVE-2023-22738 Improper Preservation of Permissions in vantage6
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organization is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain...
vantage6 Security Vulnerability
vantage6 is an open source priVAcy preserviNg federaTed leArninG infrastructure for Secure Insight eXchange. A security vulnerability exists in versions prior to vantage6 3.8.0 that stems from the system assigning existing users to different organizations, which could lead ...
GHSA-VVJV-97J8-94XH vantage6 vulnerable to Improper Preservation of Permissions
Impact: Assigning existing users to a different organization is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain their permissions and therefore might be able to access stuff they should not be allowed ...
CVE-2022-48284
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions...
CVE-2022-48283
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions...
CVE-2022-48284
CVE-2022-48284 affects Huawei’s whole-home intelligence software (Huawei HiLink AI Life) with an Incorrect Privilege Assignment vulnerability in authorization/privilege handling. Root cause is a permission assignment error that can allow an attacker to access restricted functions. Documented impa...
CVE-2022-48283
CVE-2022-48283 concerns Huawei’s whole-home intelligence software with an Incorrect Privilege Assignment vulnerability. The available sources state that exploitation could allow attackers to access restricted functions, implying a potentially high impact on confidentiality, integrity, and availab...