9 matches found
FortiAnalyzer, FortiManager - bypass of client-side password change policy enforcement
An improper handling of insufficient permissions or privileges vulnerability CWE-280 in FortiAnalyzer and FortiManager may allow an authenticated attacker to bypass the device policy and force the password-change action for its user...
CVE-2020-10072
Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc...
Input validation
Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc...
CVE-2020-10072
CVE-2020-10072 concerns Zephyr RTOS with an improper handling of insufficient permissions or privileges (CWE-280). Affected releases are Zephyr versions >= v1.14.2 and >= v2.2.0. The vulnerability is rooted in how privileges are managed within the Zephyr kernel/OS, potentially impacting con...
CVE-2020-10072 Improper Handling of Insufficient Permissions or Privileges in zephyr
Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc...
Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation
Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Ubiquiti UniFi Video Windows Vendor URL: https://www.ubnt.com Type: Improper Handling of Insufficient Permissions or Privileges CWE-28...
Splunk 6.6.x Local Privilege Escalation Vulnerability
Splunk version 6.6.x suffers from a local privilege escalation vulnerability. Splunk can be configured to run as a non-root user. However, that user owns the configuration file that specifies the user to run as, so it can trivially gain root privileges. Title: Splunk Local Privilege Escalation...
BigAnt IM Message server and components contain multiple vulnerabilities
Overview: BigAnt IM Message server and components contain multiple vulnerabilities which could allow an attacker to perform administrative functions on the system. Description: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' - CVE-2012-6273. During the SH...
Vanilla Forums version 2.1.a26 contains a parameter manipulation vulnerability
Overview: Vanilla Forums version 2.1.a26 and possibly other versions is vulnerable to parameter manipulation via the "edit profile" page of authenticated users. Description: CWE-280: Improper Handling of Insufficient Permissions or Privileges. Vanilla Forums version 2.1.a26 and possibly other version...