3969 matches found

OSV
added 2022/05/13 1:12 a.m., 8 views

GHSA-5M64-9HQ5-5PF2 Statamic framework Incorrect Permission Assignment

Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc...

CVSS 8.8 | AI score 8.7 | EPSS 0.00867
Exploits 0 | References 1
Github Security Blog
added 2022/05/13 1:12 a.m., 22 views

Statamic framework Incorrect Permission Assignment

Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc...

CVSS 8.8 | AI score 6.8 | EPSS 0.00867
Exploits 0 | References 2 | Affected Software 1
GitLab Advisory Database
added 2022/05/13 12:00 a.m., 29 views

Incorrect Permission Assignment for Critical Resource

Cobbler (verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains an Incorrect Access Control vulnerability in the XMLRPC API (/cobbler_api) that can result in privilege escalation, data manipulation or...

CVSS 9.8 | AI score 7.2 | EPSS 0.12484
Exploits 0 | References 4 | Affected Software 1
RubySec
added 2022/05/13 12:00 a.m., 18 views

Phusion Passenger incorrect permission assignment

An issue was discovered in switchGroup in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges...

CVSS 5.3 | AI score 3.4 | EPSS 0.01198
Exploits 0 | References 1 | Affected Software 1
NVD
added 2022/05/11 3:15 p.m., 21 views

CVE-2021-44167

An incorrect permission assignment for critical resource vulnerability CWE-732 in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links...

CVSS 7.5 | EPSS 0.00487
Exploits 0 | References 1
Prion
added 2022/05/11 3:15 p.m., 18 views

Design/Logic Flaw

An incorrect permission assignment for critical resource vulnerability CWE-732 in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links...

CVSS 5 | AI score 7.4 | EPSS 0.00487
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2022/05/11 2:25 p.m., 17 views

CVE-2021-44167

An incorrect permission assignment for critical resource vulnerability CWE-732 in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links...

CVSS 6.8 | AI score 7.7 | EPSS 0.00487
Exploits 0 | References 1
Vulnrichment
added 2022/05/11 2:25 p.m., 16 views

CVE-2021-44167

An incorrect permission assignment for critical resource vulnerability CWE-732 in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links...

CVSS 6.8 | AI score 6.7 | EPSS 0.00487
Exploits 0 | References 1
RedhatCVE
added 2022/05/10 3:28 p.m., 25 views

CVE-2022-1655

An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and...

CVSS 6.5 | AI score 0.8 | EPSS 0.00454
Exploits 0 | References 3
RedhatCVE
added 2022/05/07 1:54 p.m., 52 views

CVE-2021-43816

An incorrect permission assignment flaw was found in containerd. This flaw allows a local attacker to use a specially designed text file to read and write files outside of the container's scope...

CVSS 9.1 | AI score 2.8 | EPSS 0.0169
Exploits 1 | References 4
Huntr
added 2022/05/05 8:34 p.m., 10 views

Cross site scripting

Description: 1. Login as teacher 2. Create a new assignment at https://www.rosariosis.org/demonstration/Modules.php?modname=Grades/Assignments.php&assignmenttypeid=3&assignmentid=new 3. Add this payload in description 4. Save this assignment 5. You will see a prompt...

Exploits 0
Huntr
added 2022/05/02 8:53 a.m., 10 views

Improper File Deletion

Description: A student uploaded a file when submitting an assignment. Then, if a teacher deletes that assignment, the attachment still remains on the server, and if anyone has the link to that file, he can access it to view or download it. Steps to reproduce: Login to the demo environment by...

AI score 2
Exploits 0
CNNVD
added 2022/05/02 12:00 a.m., 3 views

Qualcomm information disclosure vulnerability

A Qualcomm chip is a chip made by Qualcomm Incorporated (USA): a way of miniaturizing circuits consisting primarily of semiconductor devices, but also passive components, fabricated on the surface of a semiconductor wafer. An information disclosure vulnerability exists in several...

CVSS 6.5 | AI score 5.8 | EPSS 0.00158
Exploits 0 | References 5
Imperva Blog
added 2022/04/28 12:48 p.m., 18 views

API Security is Necessary to Stop Threats that WAFs and Bot Protection Cannot

Today, there are still API security threats that most WAFs and Advanced Bot Protection solutions cannot manage. In this post, we’ll explain these new types of threats and make some recommendations for features you need within solutions to protect your APIs. When a bad actor makes a completely val...

AI score 0.3
Exploits 0
BDU FSTEC
added 2022/04/27 12:00 a.m., 3 views

The vulnerability of the telldir function in the Perl programming language allows a hacker to cause a service failure.

The vulnerability of the telldir function in the Perl programming language is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure remotely...

CVSS 5 | AI score 7.1 | EPSS 0.08878
Exploits 1 | References 7 | Affected Software 2
Cvelist
added 2022/04/26 6:45 p.m., 24 views

CVE-2022-24866 Exposure of Sensitive Information to an Unauthorized Actor in Discourse Assign

Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could...

CVSS 4.3 | AI score 4.9 | EPSS 0.00607
Exploits 0 | References 2
BDU FSTEC
added 2022/04/25 12:00 a.m., 8 views

The vulnerability of Adobe Illustrator’s graphic editor, related to pointer naming errors, allows a hacker to trigger a service failure.

The vulnerability of the Adobe Illustrator graphic editor is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 | AI score 5.9 | EPSS 0.01714
Exploits 0 | References 3 | Affected Software 2
Tenable Nessus
added 2022/04/25 12:00 a.m., 86 views

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9313)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9313 advisory. - netfilter: nf_tables: initialize registers in nft_do_chain (Pablo Neira Ayuso) [Orabug: 34012925] {CVE-2022-1016} - btrfs: unlock newly allocated extent buffe...

CVSS 9 | AI score 7.3 | EPSS 0.89063
Exploits 122 | References 15
OSV
added 2022/04/24 8:56 p.m., 9 views

GSD-2022-1001240 drm/amd/display: Call dc_stream_release for remove link enc assignment

drm/amd/display: Call dc_stream_release for remove link enc assignment. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...

AI score 7.2
Exploits 0
OSV
added 2022/04/24 8:36 p.m., 10 views

GSD-2022-1000975 io_uring: abort file assignment prior to assigning creds

io_uring: abort file assignment prior to assigning creds. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.4 by commit...

AI score 7.2
Exploits 0