Huawei HiLink AI Life 安全漏洞

Huawei HiLink AI Life is a whole-house smart solution from Huawei, a Chinese company. A security vulnerability exists in Huawei HiLink AI Life. The vulnerability stems from a misassignment of privileges in the software, which allows an attacker to access restricted functionality and affects the...

SUSE CVE-2021-25318

A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions prior to 2.5.9 ; Rancher versions prior to 2.4.16...

PT-2022-26503

Name of the Vulnerable Software and Affected Versions M-Files versions prior to 22.8.11691.0 Description The issue allows a low privilege user to change some configuration due to incorrect privilege assignment in M-Files Web Classic. Recommendations For versions prior to 22.8.11691.0, update to...

M-Files Web 安全漏洞

M-Files Web is an intelligent information management platform from M-Files USA, Inc. It is used to optimally support users in their daily work. A security vulnerability exists in M-Files Web versions prior to 22.8.11691.0 that stems from incorrect privilege assignment. An attacker exploiting the...

PT-2022-26509

Name of the Vulnerable Software and Affected Versions M-Files Web versions before 22.5.11436.1 Description The issue is related to an incorrect privilege assignment in M-Files Web, which could have resulted in accidental changes to permissions. Recommendations For M-Files Web versions before...

CVE-2022-1606

Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects...

CVE-2022-1606

Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects...

Amazon Linux 2022 : golist (ALAS2022-2022-192)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-192 advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating chunked encoding. This issue could allow request smuggling, but only if combined with an...

HYPR 安全漏洞

HYPR is a security application that implements password-less security from HYPR, Inc. A security vulnerability exists in HYPR Workforce Access that stems from a misassignment of permissions on its critical resources can lead to authentication abuse...

The vulnerability of the Git-based software platform for collaborative code development on GitLab arises from the improper assignment of permissions to critical resources, allowing a violator to execute arbitrary code.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the improper assignment of permissions for a critical resource. Exploiting this vulnerability allows an attacker to execute arbitrary code...

AZL-45402 CVE-2022-29526 affecting package delve 1.5.0-16

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

AZL-43900 CVE-2022-29526 affecting package delve 1.5.0-20

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

AZL-35283 CVE-2022-29526 affecting package sriov-network-device-plugin for versions less than 3.7.0-1

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

CVE-2022-23448

A vulnerability has been identified in SIMATIC Energy Manager Basic All versions V7.3 Update 1, SIMATIC Energy Manager PRO All versions V7.3 Update 1. Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local...

CVE-2022-1225

Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6...

MediaTek 多款产品安全漏洞

MediaTek Mt Series is a series of smartphone chips from China's MediaTek Corporation MediaTek. A security vulnerability exists in several MediaTek products, which stems from an incorrect assignment of permissions in the ims service, which may result in unexpected application behavior. The followi...

The vulnerability of the systemd service initialization and management subsystem, related to improper privilege binding, allows a malicious actor to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the systemd service initialization and management subsystem is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service failures...

CVE-2021-36365

Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh...

CVE-2021-23897

CVE-2021-23897 is rejected and not associated with an active vulnerability.

QSAN Storage Manager 授权问题漏洞

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. An authorization issue vulnerability exists in QSAN Storage Manager prior to version 3.3.1 build 202101041800, which stems from the product misassigning permissions on critical resource management and can...