3966 matches found
Code injection
The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files...
CVE-2022-37003
The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files...
CVE-2022-37003
CVE-2022-37003 concerns the AOD module of HarmonyOS, describing a vulnerability in permission assignment that can lead to privilege escalation and unauthorized access to files. Primary sources (NVD, Red Hat, CVE lists) consistently attribute the issue to incorrect permission handling in the AOD c...
CVE-2022-2626
Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6...
Design/Logic Flaw
Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6...
CVE-2022-2626 Incorrect Privilege Assignment in hestiacp/hestiacp
Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6...
CVE-2022-2626
CVE-2022-2626 affects hestiacp/hestiacp prior to 1.6.6. The issue is an incorrect privilege assignment that lets the admin user escalate to root through its sudo rights, enabling unauthorized actions with high impact. Reported details indicate the admin account can run root-level commands via sud...
hestiacp security vulnerability
hestiacp is a lightweight and powerful control panel for modern networks. A security vulnerability exists in hestiacp versions prior to 1.6.6 that stems from incorrect privilege assignment...
[SECURITY] Fedora 36 Update: golang-x-tools-0.1.10-3.fc36
This package holds the source for various tools that support the Go programming language. Some of the tools, godoc and vet for example, are included in binary Go distributions. Others, including the Go guru and the test coverage tool, can be fetched with go get. Packages include a type-checker f...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none...
CVE-2021-22648 Ovarro TBox Incorrect Permission Assignment for Critical Resource
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file...
CVE-2022-1655
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and...
Design/Logic Flaw
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and...
CVE-2022-1655
CVE-2022-1655 affects Horizon on Red Hat OpenStack. The underlying issue is incorrect permission handling for critical resources: Horizon session cookies are created without the HttpOnly flag even when HorizonSecureCookies is true. This could lead to confidentiality/integrity risks for user se...