3969 matches found
CVE-2021-24017
An improper authentication vulnerability in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows an attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler...
Tecknodreams SapphireIMS Incorrect Privilege Assignment Vulnerability
Tecknodreams SapphireIMS is an ITIL 2011 certified enterprise class service management system from Tecknodreams India. A security vulnerability exists in Tecknodreams SapphireIMS 40971, where a guest user can change the password of an administrative user by using an insecure object direct referen...
CVE-2021-36365
Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh...
Code injection
Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh...
CVE-2021-36363
Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php...
CVE-2021-36363
Nagios XI prior to 5.8.5 is affected by an Incorrect Permission Assignment in migrate.php. The issue enables improper access control, with CVSS 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8) and CVSS 2.0 base 7.5, indicating high to critical impact over network attack without authentica...
Samba 3.0.25 <= 3.0.25c Vulnerability (CVE-2007-4138)
Incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
VMware vCenter Server Appliance Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
VMware vCenter Server Appliance Service Lifecycle Manager Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...
McAfee Endpoint Security Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Endpoint Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Security Updates for Microsoft Visual Studio Products (September 2021)
The Microsoft Visual Studio Products are missing a security update. They are, therefore, affected by multiple vulnerabilities: - A permission assignment vulnerability exists in Visual Studio after installing the Game development with C++ and selecting the Unreal Engine Installer workload. The...
The vulnerability of the SFTP service in the agent management software environment for ConfD network elements allows attackers to escalate their privileges.
The vulnerability of the SFTP service in the agent software environment for ConfD network elements is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker to escalate their privileges...
GoKart - A Static Analysis Tool For Securing Go Code
GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compar...
Denial Of Service (DoS)
Xen is vulnerable to denial of service. Upon de-assignment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore...
Explaining and Troubleshooting WriteCache Disk Drive Letter Assignment
This article explains the process involved in drive letter assignments for target devices and how to troubleshoot WriteCache drive letter changes. Background: Mount Manager is the component responsible for managing volume names and drive letter assignments on Windows. It has a database that is...
CVE-2021-22684
CVE-2021-22684 affects Samsung Tizen RT RTOS 3.0.GBB. It is caused by integer wrap-around in memory allocation helpers calloc and mm_zalloc, leading to improper memory assignment and potential arbitrary memory allocation or a crash. Connected sources confirm the vulnerability and CVE assignment; ...
CVE-2021-28696
IOMMU page mapping issues on x86. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresse...
ordered_float:NotNan may contain NaN after panic in assignment operators
After using an assignment operator such as NotNan::add_assign, NotNan::mul_assign, etc., it was possible for the resulting NotNan value to contain a NaN. This could cause undefined behavior in safe code, because the safe NotNan::cmp method contains internal unsafe code that assumes the value is...
GHSA-566X-HHRF-QF8M ordered_float:NotNan may contain NaN after panic in assignment operators
After using an assignment operator such as NotNan::add_assign, NotNan::mul_assign, etc., it was possible for the resulting NotNan value to contain a NaN. This could cause undefined behavior in safe code, because the safe NotNan::cmp method contains internal unsafe code that assumes the value is...