华为 LTE USB Dongle 安全漏洞

Huawei LTE USB Dongle is a combination of hardware and software encryption product from Huawei China that plugs into the parallel port of the computer. It protects source code and algorithms from unauthorized use or against piracy threats. A security vulnerability exists in Huawei LTE USB Dongle,...

The vulnerability of the Files.createTempDir() implementation in the Java libraries of Google Guava allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Files.createTempDir function implementation in the Java libraries of Google Guava is related to the incorrect assignment of permissions for the temporary file directory. Exploiting this vulnerability may allow an attacker to gain unauthorized access to protected informati...

CVE-2021-21981

VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC Role based access control role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level...

The vulnerability of the debian/sympa.postinst component of the Sympa mailing list manager allows a perpetrator to compromise the integrity of data by improperly assigning permissions for critical resources.

The vulnerability of the debian/sympa.postinst component of the Sympa mailing list manager is related to the assignment of an incorrect permission value. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of data...

CVE-2020-27122

A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine ISE could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected...

CVE-2020-26182

Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform 'saveset' related operations in an unintended manner. The vulnerability is not exploitable by users...

The vulnerability of the software for deploying and using the SNMP protocol Net-SNMP arises from improper privilege assignment. This allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the software for deploying and using the SNMP protocol Net-SNMP exists due to incorrect privilege assignment. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to confidential data, compromise its integrity, and cause service failur...

Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability

Cisco TelePresence is a Cisco TelePresence solution. A security vulnerability exists in Cisco TelePresence Collaboration Endpoint CE versions prior to 9.8.1 due to an improperly assigned privilege. The vulnerability can be exploited by an attacker to write to files in the /root directory by loggi...

CVE-2019-11896

A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller SHC before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have...

The vulnerability of the account management utility for the Shadow operating system in Astra Linux, which allows a hacker to trigger a service failure

The vulnerability of the account management utility for the Shadow operating system Astra Linux relates to the incorrect assignment of the permission level during user creation. Exploiting this vulnerability allows an attacker with privileged user rights to block access for newly created users...

CVE-2018-0293

A vulnerability in role-based access control RBAC for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device. The vulnerability is d...

CVE-2017-5466

If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting XSS attack. This vulnerability affects Thunderbi...

IBM QRadar Resource Management Vulnerability

IBM QRadar is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A resource management...

CVE-2017-12713

An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.220170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts...

Foscam camera directory permission misassignment vulnerability

Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. Foscam camera suffers from a directory permission misassignment vulnerability, due to which any local user can replace an archive to gain root privileges. The software...

libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored

libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices...