CVE-2022-48284

A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions...

CVE-2022-48283

A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions...

CVE-2022-48283

A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions...

CVE-2017-0991

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...

CVE-2023-25569

CVE-2023-25569 (Apollo portal) : Prior to version 2.1.0, a low-privileged user can trigger creation of a special web page that an authenticated portal admin might visit, allowing the page to silently issue a request to assign new roles to that user without admin confirmation. This is effectively ...

SUSE CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

SUSE CVE-2015-4489

The nsTArrayImpl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging a self assignment...

SUSE CVE-2016-10318

A missing authorization check in the fscryptprocesspolicy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of...

SUSE CVE-2017-2578

In Moodle 3.x, there is XSS in the assignment submission page...

SUSE CVE-2019-3683

The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete...

SUSE CVE-2020-8029

A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416...

SUSE CVE-2021-23954

Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...

SUSE CVE-2022-29526

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

SUSE CVE-2022-40153

DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage...

IP Assignment Method Detection

Binary data ipassignmentmethod.nbin...

Virtuozzo Hybrid Infrastructure 5.4 (5.4.0-133)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover compute services, management node high availability, monitoring and alerts, and the user interface. Additionally, this release delivers stability improvements and addresses issues found in previous...

Rocky Linux 9 : go-toolset and golang (RLSA-2022:5799)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5799 advisory. - Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function cou...

Use-After Free

python-django-horizon is vulnerable to Use-After Free. An Incorrect Permission Assignment for Critical Resource flaw allows Horizon session cookies to be created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files...

CVE-2023-22326

In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell tmsh dig command which...

Command injection

In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell tmsh dig command which...