Lucene search

3965 matches found

Code423n4
added 2022/10/01 12:0 a.m. · 8 views

getOrCreatePosition doesn't work as expected

Lines of code Vulnerability details getOrCreatePosition doesn't work as expected Impact Function getOrCreatePosition doesn't assign any value to positions, it just returns the value from some key, leading to incorrect expected values and wrong functionality Proof of Concept function...

7 AI score
Exploits: 0
Positive Technologies
added 2022/09/22 12:0 a.m. · 4 views

PT-2022-6796 · Ceph +5 · Ceph +5

Name of the Vulnerable Software and Affected Versions: Ceph affected versions not specified Description: A privilege escalation flaw was found in Ceph, specifically in the Ceph-crash.service component. This issue allows a local attacker to escalate privileges to root in the form of a crash dump,...

9.1 CVSS · 6.6 AI score · 0.00924 EPSS
Exploits: 1 · References: 72
Huntr
added 2022/09/21 7:28 p.m. · 18 views

Mass Assignment leads to Stored XSS

Description The application is vulnerable to mass assignment in the User object. A user is able to enable their own account and change their username. The username is not properly sanitized in the admin user overview, leading to a stored XSS attack. Proof of Concept Steps to reproduce: 1. Log in...

4.9 CVSS · 5.5 AI score · 0.33968 EPSS
Exploits: 1 · References: 1
BDU FSTEC
added 2022/09/19 12:0 a.m. · 6 views

The vulnerability of the Samba network communication software package, related to incorrect privilege assignment, allows a perpetrator to gain access to confidential data.

The vulnerability of the Samba networking communication package is related to the improper assignment of privileges. Exploiting this vulnerability allows a malicious actor to gain access to confidential data remotely...

4.3 CVSS · 6.4 AI score · 0.01521 EPSS
Exploits: 0 · References: 9 · Affected Software: 3
BDU FSTEC
added 2022/09/19 12:0 a.m. · 5 views

The vulnerability of the SCSI am53c974 adapter driver in the hardware emulation software QEMU allows a hacker to induce a service failure.

The vulnerability of the SCSI am53c974 adapter driver in the QEMU hardware emulation software is related to pointer assignment errors. Exploiting this vulnerability allows an attacker to cause a system failure...

4.6 CVSS · 6.5 AI score · 0.00315 EPSS
Exploits: 0 · References: 9 · Affected Software: 4
BDU FSTEC
added 2022/09/19 12:0 a.m. · 4 views

The vulnerability of the ioport hardware emulation software under QEMU, related to pointer swapping errors, allows a hacker to trigger a service failure.

The vulnerability of the ioport hardware emulation software under QEMU is related to pointer assignment errors. Exploiting this vulnerability allows an attacker to trigger a service failure...

6.5 CVSS · 6.6 AI score · 0.00479 EPSS
Exploits: 1 · References: 9 · Affected Software: 4
Positive Technologies
added 2022/09/17 12:0 a.m. · 3 views

PT-2022-34252 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.211 Description: The issue is related to the assignment of scpi info in the arm scpi firmware. If the probe fails, scpi info should not be assigned. The actual impact and attack plausibility of this issue...

7.2 AI score
Exploits: 0 · References: 1
Tenable Nessus
added 2022/09/17 12:0 a.m. · 42 views

SUSE SLES15 Security Update : kernel (SUSE-SU-2022:3291-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3291-1 advisory. - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment...

7.8 CVSS · 7.2 AI score · 0.06214 EPSS
Exploits: 15 · References: 50
NVD
added 2022/09/16 10:15 p.m. · 19 views

CVE-2022-2332

A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment...

7.8 CVSS · 0.00177 EPSS
Exploits: 0 · References: 2
Prion
added 2022/09/16 10:15 p.m. · 22 views

Design/Logic Flaw

A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment...

4.3 CVSS · 7.5 AI score · 0.00177 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2022/09/16 8:18 p.m. · 24 views

CVE-2022-2332 Honeywell SoftMaster Incorrect Permission Assignment for Critical Resource

A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment...

6.2 CVSS · 7.8 AI score · 0.00177 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2022/09/16 8:18 p.m. · 8 views

CVE-2022-2332 Honeywell SoftMaster Incorrect Permission Assignment for Critical Resource

A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment...

6.2 CVSS · 7.6 AI score · 0.00177 EPSS
Exploits: 0 · References: 2
CVE
added 2022/09/16 8:18 p.m. · 56 views

CVE-2022-2332

CVE-2022-2332 is tied to Honeywell SoftMaster 4.51 with an incorrect permission assignment (CWE-732) that allows a local unprivileged attacker to escalate to administrator privileges. The vulnerability is documented in several sources (NVD, CVE List, CISA/ICS advisories) and is part of a dual-iss...

7.8 CVSS · 6.9 AI score · 0.00177 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
NVD
added 2022/09/16 10:15 a.m. · 17 views

CVE-2022-40154

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage...

Exploits: 0
NVD
added 2022/09/16 10:15 a.m. · 17 views

CVE-2022-40153

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage...

Exploits: 0
OSV
added 2022/09/16 10:15 a.m. · 1 views

UBUNTU-CVE-2022-40153

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage...

7.5 CVSS · 7.2 AI score
Exploits: 0 · References: 4
BDU FSTEC
added 2022/09/16 12:0 a.m. · 5 views

The vulnerability of the MariaDB database, related to pointer assignment errors, allows attackers to cause service failures.

The vulnerability of the MariaDB database lies in pointer assignment errors. Exploiting this vulnerability allows an attacker to cause service failures...

5.5 CVSS · 6.8 AI score · 0.004 EPSS
Exploits: 1 · References: 10 · Affected Software: 5
BDU FSTEC
added 2022/09/16 12:0 a.m. · 4 views

The vulnerability of the QEMU hardware emulation software, related to pointer swapping errors, allows a hacker to trigger a service failure.

The vulnerability of the QEMU hardware emulation software is related to pointer assignment errors. Exploiting this vulnerability allows an attacker to trigger a service failure...

6 CVSS · 6.8 AI score · 0.00335 EPSS
Exploits: 0 · References: 10 · Affected Software: 4
BDU FSTEC
added 2022/09/12 12:0 a.m. · 3 views

The vulnerability of the do_mouse() function in the Vim text editor allows a hacker to compromise the accessibility of the protected information.

The vulnerability of the do_mouse function in the Vim text editor is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to compromise the accessibility of protected information...

7.8 CVSS · 6.6 AI score · 0.00787 EPSS
Exploits: 5 · References: 10 · Affected Software: 4
Huntr
added 2022/09/10 8:51 p.m. · 25 views

Mass Assignment in Self Controller Leads To Vertical Privilege Escalation

Description Hello there, y'all! How are you doing? Hope you are doing great! I was testing Budibase and noticed that the api endpoint /api/global/self, which is used for different purposes updating a user's name or their password, always receives an entire object containing most of the attribute...

3.5 CVSS · 0.00691 EPSS
Exploits: 1