3969 matches found
Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability
...
PT-2021-4806 · Microsoft · Windows Hyper-V +1
Name of the Vulnerable Software and Affected Versions: Windows Hyper-V (affected versions not specified). Description: The issue exists due to insufficient input validation in the Windows Hyper-V Discrete Device Assignment (DDA) component. This can be exploited to cause a denial of service...
CVE-2018-25019
The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init function, which could allow unauthenticated users to upload arbitrary files to the web server...
NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2021-0120)
The remote NewStart CGSL host, running version MAIN 6.02, has firefox packages installed that are affected by multiple vulnerabilities: - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a...
The vulnerability of the QEMU hardware emulation software, related to pointer swapping errors, allows a hacker to trigger a service failure.
The vulnerability of the QEMU hardware emulation software is related to pointer assignment errors. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0177)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted...
The vulnerability of the software-hardware complex for protecting information from unauthorized access—“Akord-V”—is related to the violation of established role assignments. This allows an intruder to bypass the access restrictions for resources of the ABI/AVI system for the system administrators and execute arbitrary code on behalf of the system.
The vulnerability of the software-hardware complex for protecting information from unauthorized access, “Akord-V,” is related to the violation of established role assignments. Exploiting this vulnerability allows an intruder to bypass the access restrictions for ARMs of types ABI/AVI for ARM...
CVE-2021-42011
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...
Design/Logic Flaw
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...
CVE-2021-42011
CVE-2021-42011 refers to an incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service. The issue allows a local attacker who already has low-privilege code execution to load a DLL with escalated privileges, compromising affected installations. Supported detai...
CVE-2021-42011
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...
CVE-2021-31377
An Incorrect Permission Assignment for Critical Resource vulnerability of a certain file in the filesystem of Junos OS allows a local authenticated attacker to cause routing process daemon (RPD) to crash and restart, causing a Denial of Service (DoS). Repeated actions by the attacker will create a...
Design/Logic Flaw
An Incorrect Permission Assignment for Critical Resource vulnerability of a certain file in the filesystem of Junos OS allows a local authenticated attacker to cause routing process daemon (RPD) to crash and restart, causing a Denial of Service (DoS). Repeated actions by the attacker will create a...
Financial loss :: commissionAvailableToRedeem is assigned incorrectly
Handle: csanuragjain. Vulnerability details. Impact: This can lead to financial loss where validator will lose the commissionAvailableToRedeem. Proof of Concept: 1. Navigate to 2. Check the redeemRewards function 3. Let us consider the case where msg.sender == v.address ifmsg.sender == v.address...
AUVESY Versiondog
1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: AUVESY. Equipment: Versiondog. Vulnerabilities: Improper Access Control, Incorrect Permission Assignment for Critical Resource, Use of Hard-coded Cryptographic Key, Out-of-bounds Read, Use After Free,...
Trend Micro Apex One Security Vulnerability
Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities. A security vulnerability exists in Trend Micro Apex One that stems from incorrect privilege assignment. The vulnerability can be exploited ...
Juniper Junos OS Vulnerability (JSA11242)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11242 advisory. - An Incorrect Permission Assignment for Critical Resource vulnerability of a certain file in the filesystem of Junos OS allows a local authenticated attacker to cause routi...
GHSA-362V-WG5P-64W2 Incorrect Privilege Assignment in HashiCorp Vault
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...
Incorrect Privilege Assignment in HashiCorp Vault
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...
The vulnerability of the OpenDMARC authentication implementation, related to pointer assignment errors, allows a perpetrator to trigger a denial of service.
The vulnerability of the OpenDMARC authentication implementation is related to pointer assignment errors. Exploiting this vulnerability could allow a malicious actor to trigger a service failure remotely...