
3930 matches found

CVE
added 2019/05/29 7:58 p.m. | 138 views

CVE-2019-11893

The CVE-2019-11893 entry describes an incorrect privilege assignment vulnerability in the Bosch Smart Home Controller (SHC) app permission update API. Affected product: Bosch SHC prior to version 9.8.905. Vulnerable component: the app permission update API where privilege assignments can be misap...

CVSS 8 | AI score 6.5 | EPSS 0.00054
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2019/05/29 7:58 p.m. | 9 views

CVE-2019-11893 Incorrect privilege assignment in the app permission update API of the Bosch Smart Home Controller (SHC)

A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller SHC before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have...

CVSS 5.5 | AI score 7.8 | EPSS 0.00054
Exploits 0 | References 1

Cvelist
added 2019/05/29 7:40 p.m. | 11 views

CVE-2019-11891 Incorrect privilege assignment in the app pairing mechanism of the Bosch Smart Home Controller (SHC)

A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller SHC before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs physical access to the...

CVSS 8 | AI score 7.7 | EPSS 0.0011
Exploits 0 | References 1

CVE
added 2019/05/29 7:40 p.m. | 135 views

CVE-2019-11891

CVE-2019-11891 affects the Bosch Smart Home Controller (SHC) prior to version 9.8.905, with an incorrect privilege assignment in the app pairing mechanism that can lead to elevated privileges. Exploitation requires physical access to the SHC. The issue is described with a high-severity impact ( c...

CVSS 8 | AI score 7.7 | EPSS 0.0011
Exploits 0 | References 1 | Affected Software 1

Citrix
added 2019/05/27 12:0 a.m. | 7 views

The Number of vCPUs Assigned To A Guest Causes VIFs To Go Offline

Increasing the number of vCPUs assigned to a VM will reduce the number of available. For instance 10 vCPUs will have 7 active VIFs but 12 vCPUs will only allow 6 active VIFs...

AI score 7
Exploits 0

0day.today
added 2019/05/21 12:0 a.m. | 110 views

macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment

macOS 10.14.5 / iOS 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register While fuzzing JavaScriptCore, I encountered the following JavaScript program which crashes jsc from current HEAD git commit 3c46422e45fef2de6ff13b66cd45705d63859555 in debug and release builds...

CVSS 8.8 | AI score 8.3 | EPSS 0.2418
Exploits 1

Exploit DB
added 2019/05/21 12:0 a.m. | 163 views

Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register

While fuzzing JavaScriptCore, I encountered the following JavaScript program which crashes jsc from current HEAD git commit 3c46422e45fef2de6ff13b66cd45705d63859555 in debug and release builds ./Tools/Scripts/build-jsc --jsc-only --debug or --release: // Run with --useConcurrentJIT=false...

AI score 7.4
Exploits 0

OSV
added 2019/05/15 5:13 p.m. | 3 views

DRUPAL-CONTRIB-2019-048

This module enables you to use special routes for user registration with special roles and custom field sets defined for the role. The module doesn't sufficiently check which user roles can be registered under the scenario when the user tries to register the user with the administrator role. This...

AI score 6.8
Exploits 0 | References 1

Tenable Nessus
added 2019/05/08 12:0 a.m. | 11 views

Rockwell Automation/Allen-Bradley Multiple Devices Denial of Service

Binary data 720096.prm...

CVSS 4 | AI score 7.3 | EPSS 0.00037
Exploits 0 | References 2

BDU FSTEC
added 2019/05/07 12:0 a.m. | 3 views

The vulnerability of the virJSONValueObjectHasKey function in the Libvirt management library allows an attacker to trigger a service failure.

The vulnerability of the virJSONValueObjectHasKey function in the Libvirt virtualization management library arises from the assignment of a null pointer. Exploiting this vulnerability could allow a malicious actor to cause a service failure remotely...

CVSS 5.8 | AI score 6.6 | EPSS 0.00709
Exploits 1 | References 2 | Affected Software 1

NVD
added 2019/05/06 7:29 p.m. | 30 views

CVE-2018-4073

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The the binary the endpoint /cgi-bin/EmbededAceTLSetTask.cgi is a very similar endpoint that is designed for use with setting table values th...

CVSS 8.8 | AI score 8.6 | EPSS 0.36256
Exploits 3 | References 1

NVD
added 2019/05/06 7:29 p.m. | 34 views

CVE-2018-4072

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSetTask.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. Thi...

CVSS 8.8 | AI score 8.5 | EPSS 0.36256
Exploits 3 | References 1

Prion
added 2019/05/06 7:29 p.m. | 17 views

Design/Logic Flaw

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSetTask.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. Thi...

CVSS 6.5 | AI score 8.5 | EPSS 0.36256
Exploits 3 | References 1 | Affected Software 1

Prion
added 2019/05/06 7:29 p.m. | 25 views

Design/Logic Flaw

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The the binary the endpoint /cgi-bin/EmbededAceTLSetTask.cgi is a very similar endpoint that is designed for use with setting table values th...

CVSS 6.5 | AI score 8.5 | EPSS 0.36256
Exploits 3 | References 1 | Affected Software 1

Cvelist
added 2019/05/06 6:22 p.m. | 35 views

CVE-2018-4073

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The the binary the endpoint /cgi-bin/EmbededAceTLSetTask.cgi is a very similar endpoint that is designed for use with setting table values th...

AI score 8.7 | EPSS 0.36256
Exploits 3 | References 1

CVE
added 2019/05/06 6:22 p.m. | 49 views

CVE-2018-4073

Concisely: CVE-2018-4073 affects Sierra Wireless AirLink ES450 (and related GX450) running FW 4.9.3, involving Embedded_Ace_Set_Task.cgi/Embedded_Ace_TLSet_Task.cgi in ACEManager. The flaw enables an authenticated user (or an attacker who can access via SSH) to perform arbitrary setting writes, e...

CVSS 8.8 | AI score 8.5 | EPSS 0.36256
Exploits 3 | References 1 | Affected Software 1

Cvelist
added 2019/05/06 6:21 p.m. | 30 views

CVE-2018-4072

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSetTask.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. Thi...

AI score 8.6 | EPSS 0.36256
Exploits 3 | References 1

CVE
added 2019/05/06 6:21 p.m. | 59 views

CVE-2018-4072

The CVE-2018-4072 vulnerability affects Sierra Wireless AirLink ES450 running FW 4.9.3, in the ACEManager EmbeddedAceSet_Task.cgi component. Affected by a permission-assignment flaw that allows an authenticated user to modify configuration values via the /cgi-bin/Embedded_Ace_Set_Task.cgi endpoin...

CVSS 8.8 | AI score 8.4 | EPSS 0.36256
Exploits 3 | References 1 | Affected Software 1

Packet Storm
added 2019/04/26 12:0 a.m. | 188 views

Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment

Talos Vulnerability Report TALOS-2018-0756 Sierra Wireless AirLink ES450 ACEManager EmbeddedAceSetTask.cgi Permission Assignment Vulnerability April 25, 2019 CVE Number CVE-2018-4072, CVE-2018-4073 Summary An exploitable Permission Assignment vulnerability exists in the ACEManager...

AI score 0.4 | EPSS 0.36256
Exploits 4

GitLab Advisory Database
added 2019/04/22 12:0 a.m. | 30 views

Incorrect Permission Assignment for Critical Resource

In Kubernetes, schema info is cached by kubectl in the location specified by --cache-dir defaulting to $HOME/.kube/http-cache, written with world-writeable permissions rw-rw-rw-. If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files ma...

CVSS 5 | AI score 1.9 | EPSS 0.00097
Exploits 0 | References 2 | Affected Software 1