CVE-2020-7916
be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpress_be_teacher URI without any additional permission checks. Therefore, any user can change its...
CVE-2020-7916
Summary: CVE-2020-7916 affects WordPress LearnPress plugin versions 3.2.6.5 and earlier. The flaw resides in be_teacher in class-lp-admin-ajax.php, allowing any registered/authenticated user to call wp-admin/admin-ajax.php?action=learnpress_be_teacher and grant themselves the teacher role without...
CVE-2019-18577
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access...
Design/Logic Flaw
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access...
CVE-2019-18577
Dell EMC XtremIO XMS is affected by a local privilege escalation vulnerability in versions prior to 6.3.0, caused by incorrect permission assignment. A malicious local user with XtremIO xinstall privileges can gain root access. Remediation: upgrade to XtremIO XMS 6.3.0 or later (per cited securit...
ICSA-20-063-02_PHOENIX CONTACT Emalytics Controller ILC
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: Emalytics Controller ILC 2050 BIL Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability...
Printers assigned to users through WEM are not created in ICA, RDP and console sessions
Printers assigned to users through WEM are not created in ICA, RDP and console sessions...
SUSE-SU-2020:0334-1 Security update for xen
This update for xen fixes the following issues: - CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host (bsc#1161181). - CVE-2019-19579: Device quarantine for alternate pci assignment methods (bsc#1157888). - CVE-2019-19581: find_next_bit() issues (bsc#1158003). -...
Exploit for Execution with Unnecessary Privileges in Pyinstaller
PyInstallerPriv...
CVE-2019-3683
In the keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete...
Code injection
In the keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete...
CVE-2019-3683
The CVE-2019-3683 issue affects the keystone-json-assignment package in SUSE Openstack Cloud 8 prior to commit d7888c75505465490250c00cc0ef4bb1af662f9f. The root cause is that every user listed in /etc/keystone/user-project-map.json was granted full member access to every project, enabling these ...
Siemens SINEMA Server
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINEMA Server Vulnerability: Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with a valid session, with...
Authentication Bypass
Moodle is vulnerable to authentication bypass. The vulnerability exists because removing a cohort role assignment does not properly revoke the associated capabilities...
CVE-2019-14879
A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked where applicable...
Design/Logic Flaw
A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked where applicable...
CVE-2019-14879
Summary (CVE-2019-14879): Moodle prior to version 3.7.3 (3.7.x), 3.6.x prior to 3.6.7, and 3.5.x prior to 3.5.9 contains a logic issue where, after removing a cohort role assignment, the related capabilities were not revoked (where applicable). This can leave previously granted capabilities in ef...