Lucene search

3968 matches found

Prion
added 2022/06/23 5:15 p.m., 21 views

Privilege escalation

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

CVSS 5, AI score 7.5, EPSS 0.02593
Exploits 1, References 9, Affected Software 2
CVE
added 2022/06/22 1:15 p.m., 623 views

CVE-2022-29526

CVE-2022-29526 is a privilege-assignment flaw in Go’s Faccessat path (go1.17.10 and go1.18.2 fixes cited in initial description). The provided connected documents confirm this CVE affects multiple downstream packages (e.g., buildah, podman, cni, containernetworking-plugins, golang, sriov-network-...

CVSS 5.3, AI score 8.3, EPSS 0.02593
Exploits 1, References 9, Affected Software 1
AlpineLinux
added 2022/06/22 1:15 p.m., 72 views

CVE-2022-29526

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

CVSS 5.3, AI score 9.1, EPSS 0.02593
Exploits 1
Cvelist
added 2022/06/22 1:15 p.m., 24 views

CVE-2022-29526

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

AI score 8, EPSS 0.02593
Exploits 1, References 9
Debian CVE
added 2022/06/22 1:15 p.m., 52 views

CVE-2022-29526

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

CVSS 5.3, AI score 8.9, EPSS 0.02593
Exploits 1
NVD
added 2022/06/21 3:15 p.m., 11 views

CVE-2022-1596

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node...

CVSS 6.5, EPSS 0.00602
Exploits 0, References 1
Prion
added 2022/06/21 3:15 p.m., 20 views

Code injection

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node...

CVSS 4, AI score 6.5, EPSS 0.00602
Exploits 0, References 1, Affected Software 3
Cvelist
added 2022/06/21 2:23 p.m., 16 views

CVE-2022-1596 ABB Relion REX640 Insufficient file access control

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node...

CVSS 6.5, AI score 6.7, EPSS 0.00602
Exploits 0, References 1
CVE
added 2022/06/21 2:23 p.m., 54 views

CVE-2022-1596

CVE-2022-1596 affects ABB REX640 PCL1/2/3. The vulnerability is described as an Incorrect Permission/Privilege misdistribution that allows an authenticated attacker to access the user database file and potentially take control of an affected system node. Public data includes CVSS v3.1 base score ...

CVSS 6.5, AI score 6.5, EPSS 0.00602
Exploits 0, References 1, Affected Software 1
BDU FSTEC
added 2022/06/21 12:0 a.m., 5 views

The vulnerability in the implementation of the Windows SMB network protocol of the Microsoft operating system allows a perpetrator to cause a service failure.

The vulnerability of the Windows SMB network protocol implementation in Microsoft Windows is related to the assignment of the zero pointer. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 7.8, AI score 7.5, EPSS 0.06977
Exploits 1, References 5
OSSF Malicious Packages
added 2022/06/20 8:26 p.m., 3 views

Malicious code in agent-assignment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 217fcc369833f6ff3dc1d06acc53977e4efec8c7efca86e4811aa115598b353e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 1
OSV
added 2022/06/20 8:26 p.m., 6 views

MAL-2022-891 Malicious code in agent-assignment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 217fcc369833f6ff3dc1d06acc53977e4efec8c7efca86e4811aa115598b353e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1
Kitploit
added 2022/06/19 9:30 p.m., 62 views

VAmPI - Vulnerable REST API With OWASP Top 10 Vulnerabilities For Security Testing

The Vulnerable API Based on OpenAPI 3 VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency of tools used to detect security issues in APIs. It includes a...

AI score 7.5
Exploits 0, References 1
Zero Day Initiative
added 2022/06/16 12:0 a.m., 24 views

Trend Micro Proxy One Pro Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Proxy One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the produc...

CVSS 7.8, AI score 5, EPSS 0.00271
Exploits 0, References 1
CNNVD
added 2022/06/15 12:0 a.m., 4 views

Splunk security vulnerability

Splunk is a suite of data collection and analysis software from Splunk, Inc. The software is primarily used to collect, index, and analyze the data it generates, including data generated by all IT systems and infrastructure physical, virtual machines, and cloud. A resource privilege assignment err...

CVSS 7.5, AI score 5.6, EPSS 0.01799
Exploits 0, References 6
ICS
added 2022/06/14 12:0 a.m., 122 views

Siemens Xpedition Designer

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 7.8, AI score 7.9, EPSS 0.00201
Exploits 0, References 12
OpenVAS
added 2022/06/07 12:0 a.m., 25 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-1791)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8, AI score 7.1, EPSS 0.04534
Exploits 3, References 2
Tenable Nessus
added 2022/06/06 12:0 a.m., 44 views

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1791)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows ...

CVSS 7.8, AI score 7, EPSS 0.04534
Exploits 3, References 8
ATTACKERKB
added 2022/06/02 2:15 p.m., 1 views

CVE-2022-30832

Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/clientassign.php?booking=31&userid=...

CVSS 7.2, AI score 5.9, EPSS 0.00945
Exploits 1, References 2
BDU FSTEC
added 2022/06/02 12:0 a.m., 6 views

The vulnerability of the CLI component of the Cisco IOS XE operating system for Cisco Catalyst 9000 Series network devices allows a perpetrator to escalate their privileges or execute arbitrary commands.

The vulnerability of the CLI component of the Cisco IOS XE operating system for Cisco Catalyst 9000 Series network devices is related to privilege assignment errors. Exploiting this vulnerability can allow an attacker to enhance their privileges or execute arbitrary commands...

CVSS 7.8, AI score 6.8, EPSS 0.00223
Exploits 0, References 2