53 matches found
CVE-2023-6917
A vulnerability has been identified in the Performance Co-Pilot PCP package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges...
CVE-2023-6917
A vulnerability has been identified in the Performance Co-Pilot PCP package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges...
CVE-2023-6917
A vulnerability has been identified in the Performance Co-Pilot PCP package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges...
CVE-2021-41613
An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The write logic of Exception Effective Address Register EEAR is not implemented correctly. User programs from authorized privilege levels will be unable to write to EEAR...
PT-2023-12379 · Unknown · Openrisc Mor1Kx Processor
Name of the Vulnerable Software and Affected Versions: OpenRISC mor1kx processor affected versions not specified Description: An issue was discovered in the controller unit of the OpenRISC mor1kx processor, where the read/write access permissions to the Exception Program Counter Register EPCR are...
K24465120: iControl REST vulnerability CVE-2017-6167
Security Advisory Description Race conditions in iControl REST may lead to commands executed with different privilege levels than expected. CVE-2017-6167 Impact Sending asynchronous tasks using the iControl REST API may be processed as the wrong user and result in an error. Security Advisory Stat...
SUSE CVE-2010-0306
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing SMP, does not use the Current Privilege Level CPL and I/O Privilege Level IOPL to restrict instruction execution, which allows guest OS users to cause a denial of service guest OS crash or gain privileges on the...
CVE-2022-20819 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because administrative privilege levels for sensitive data are not properly...
Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because administrative privilege levels for sensitive data are not properly...
Input validation
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper enforcement of Administrator privilege levels for low-value sensitive dat...
CVE-2022-20680 Cisco Prime Service Catalog Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper enforcement of Administrator privilege levels for low-value sensitive dat...
Cisco Identity Services Engine Sensitive Information Disclosure (cisco-sa-ise-info-disc-pNXtLhdp)
According to its self-reported version, Cisco Identity Services Engine Software is affected by a sensitive information disclosure vulnerability in the web-based management interface due improper enforcement of administrator privilege levels for low-value sensitive data. An authenticated, remote...
CVE-2021-34702
CVE-2021-34702 affects Cisco Identity Services Engine (ISE) via the web-based management interface. The issue is an improper enforcement of administrator privilege levels for low-value sensitive data, allowing an authenticated, read-only administrator to browse to pages containing sensitive data ...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress versions prior to 5.8 that allows...
Cisco Identity Services Engine Sensitive Information Disclosure (cisco-sa-ise-info-exp-8RsuEu8S)
According to its self-reported version, Cisco Identity Services Engine Software is affected by multiple information disclosure vulnerabilities in its admin portal component due to improper enforcement of administrator privilege levels for sensitive data. An authenticated, remote attacker can...
CVE-2021-1416
Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only...
Information disclosure
Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only...
CVE-2021-1416 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerabilities
Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only...
Multiple Pivotal RabbitMQ Products CVE-2019-11291 Cross Site Scripting Vulnerability
Description Multiple Pivotal RabbitMQ products are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
CVE-2018-15718
Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more...