3930 matches found
Eaton Intelligent Power Manager Incorrect Privilege Assignment Vulnerability
Eaton Intelligent Power Manager (IPM) is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. A security vulnerability exists in Eaton Intelligent Power Manager version 1.67 and earlier. An attacker ca...
CVE-2020-12690
A flaw was found in Keystone, where it inadvertently provided OAuth1 access tokens to every role assignment the creator had for a project, resulting in giving more permissions and escalated access in role assignments than intended. The greatest impact is on confidentiality...
CVE-2020-6652
Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allows non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the...
CVE-2020-6652 Incorrect privilege assignment allowing non-admin users to upload config files
Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allows non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the...
CVE-2020-6652
CVE-2020-6652 affects Eaton Intelligent Power Manager (IPM) v1.67 and earlier. The vulnerability is an incorrect privilege assignment that lets non-admin users upload system configuration files by sending specially crafted requests, potentially enabling manipulation of configurations with paramet...
CVE-2020-12690
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. Th...
PYSEC-2020-54
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. Th...
Product release: Virtuozzo Infrastructure Platform 3.5 Update 3 (3.5.3-18)
This update provides bug fixes and improvements. Vulnerability id: VSTOR-33034 Assigning tier 0 to a cache disk has no effect. The disk does not receive the "journaltier" parameter and can be used by storage disks of other tiers. Vulnerability id: VSTOR-33032 S3 cluster creation fails with a...
The vulnerability of Siemens SINEMA Server software for network management and configuration allows a perpetrator to compromise the confidentiality, integrity, and accessibility of vulnerable systems and basic components.
The vulnerability of Siemens SINEMA Server network management and configuration software is related to incorrect privilege assignment. Exploiting this vulnerability can allow an attacker to remotely compromise the confidentiality, integrity, and accessibility of the vulnerable system and its...
Rockwell Automation RSLinx Classic
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: Rockwell Automation Equipment: RSLinx Classic Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local authenticated...
CVE-2020-1989
An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for...
CVE-2020-1989 Global Protect Agent: Incorrect privilege assignment allows local privilege escalation
An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for...
GlobalProtect App: Incorrect privilege assignment allows local privilege escalation
An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks GlobalProtect App for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks GlobalProtect App for Linux...
Adobe Acrobat Pro DC Genuine Software Service Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Genuine Software Service. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
CVE-2019-10394
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts...
ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment
A stack-based buffer overflow was discovered in ImageMagick in the way it writes PNM images due to a misplaced assignment. Applications compiled against ImageMagick libraries that accept untrustworthy images or write PNM images may be vulnerable to this flaw. An attacker could abuse this flaw by...
Unspecified Vulnerability in Apple iOS and iPadOS Safari Components (CNVD-2020-23219)
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Safari is a component of the Safari browser. Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability in the Safari component of Apple iOS prior to...
Dell EMC XtremIO XMS Privilege Assignment Vulnerability
Dell EMC XtremIO XMS is a suite of XtremIO Enterprise Storage Platform management software from Dell USA. A security vulnerability exists in Dell EMC XtremIO XMS prior to version 6.3.0, which stems from an incorrect privilege assignment. A local attacker could exploit the vulnerability to gain ro...