Amazon Linux AMI : rubygem-json (ALAS-2020-1423)

It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1423 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar toCVE-2013-0269, but doe...

BarracudaDrive 6.5 Local Privilege Escalation Vulnerability

Exploit Title: BarracudaDrive v6.5 - User-System - Local Privilege Escalation Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: 08-08-2020 Vendor Homepage: https://barracudaserver.com/ Software Link: https://download.cnet.com/BarracudaDrive/3001-185064-10723210.html Version: v6.5 Teste...

The vulnerability of the isAuxiliaryVtabOperator component of the SQLite database management system allows a attacker to cause a service failure.

The vulnerability of the isAuxiliaryVtabOperator component in the SQLite database management system is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to cause service failures...

openstack-keystone: OAuth1 request token authorize silently ignores roles parameter

A flaw was found in Keystone, where it inadvertently provided OAuth1 access tokens to every role assignment the creator had for a project, resulting in giving more permissions and escalated access in role assignments than intended. The greatest impact is on confidentiality...

Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system,...

Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system,...

Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system,...

Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system,...

Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system,...

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none...

The vulnerability in the `hw/rdma/vmw/pvrdma_cmd.c` component of the PVRDMA virtual network adapter driver allows a hacker to trigger a service failure.

The vulnerability in the hw/rdma/vmw/pvrdmacmd.c component of the PVRDMA virtual network adapter’s hardware emulation software, QEMU, is related to pointer assignment errors. Exploiting this vulnerability could allow a remote attacker to cause a service failure by creating CQ/QP objects...

Node.js third-party modules: [json-bigint] DoS via `__proto__` assignment

I would like to report a DoS in json-bigint. It allows to cause denial of service using very limited input 70 bytes. Module module name: json-bigint version: 0.3.1 npm page: https://www.npmjs.com/package/json-bigint Module Description JSON.parse/stringify with bigints support. Based on Douglas...

CVE-2020-9225

FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain user to do certain operations beyond its privilege...

CVE-2020-9225

FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain user to do certain operations beyond its privilege...

CVE-2020-14214

Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization...

Authorization

Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization...

ABB System 800xA Base

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: ABB Equipment: System 800xA Base Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and...

Rockwellautomation Rslinx Incorrect Permission Assignment for Critical Resource

In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic. File data ot500374.nasl...

Eaton Intelligent Power Manager (IPM) < 1.68 Multiple Vulnerabilities

Eaton Intelligent Power Manager IPM v1.67 and prior contain multiple vulnerabilities: - Improper Input Validation on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the...

Eaton Intelligent Power Manager

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Eaton Equipment: Intelligent Power Manager Vulnerabilities: Improper Input Validation, Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...