530 matches found

Vulnrichment
added 2024/11/29 12:0 a.m. | 13 views

CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql...

AI score: 6.9 | EPSS: 0.02162
Exploits: 0 | References: 2

Debian CVE
added 2024/11/29 12:0 a.m. | 11 views

CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.02162
Exploits: 0

AlpineLinux
added 2024/11/29 12:0 a.m. | 19 views

CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.02162
Exploits: 0

CVE
added 2024/11/26 8:17 p.m. | 51 views

CVE-2024-43784

CVE-2024-43784 affects lakeFS: when creating a new user with a username that previously belonged to a deleted user, the new user inherits all of the deleted user’s credentials. This is fixed in lakeFS release v1.33.0 and later. Affected users should upgrade to ≥1.33.0; if upgrading is not possibl...

CVSS: 5.7 | AI score: 5.7 | EPSS: 0.00334
Exploits: 0 | References: 2

OSV
added 2024/11/26 8:17 p.m. | 2 views

CVE-2024-43784 Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion

lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit a...

CVSS: 5.7 | AI score: 6.5 | EPSS: 0.00334
Exploits: 0 | References: 4

CNNVD
added 2024/10/28 12:0 a.m. | 3 views

Apple Xcode Security Vulnerability

Apple Xcode is a set of integrated development environments provided to developers by Apple Inc. in the United States, which is primarily used to develop applications for Mac OS X and iOS. A security vulnerability exists in Apple Xcode version 16, which originates from an application that may be...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.00412
Exploits: 0 | References: 1

CNNVD
added 2024/10/21 12:0 a.m. | 3 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improper call to a sleep function from an invalid context in the qgroup inheritance operation of the btrf...

CVSS: 5.5 | AI score: 7 | EPSS: 0.00248
Exploits: 0 | References: 11

BDU FSTEC
added 2024/07/17 12:0 a.m. | 2 views

The vulnerability of the StorageKit component in operating systems such as iPadOS, iOS, and macOS allows attackers to elevate their privileges to the root level.

The vulnerability of the StorageKit component in iPadOS, iOS, and macOS is related to inheritance permissions errors. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...

CVSS: 7.4 | AI score: 7.6 | EPSS: 0.00204
Exploits: 0 | References: 5 | Affected Software: 3

NVD
added 2024/07/08 3:15 p.m. | 37 views

CVE-2024-39677

NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL...

CVSS: 9.8 | EPSS: 0.00578
Exploits: 0 | References: 5

OSSF Malicious Packages
added 2024/06/25 1:47 p.m. | 5 views

Malicious code in acts-as_list_with_sti_support (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0 | References: 1

OSV
added 2024/06/24 6:0 p.m. | 19 views

GHSA-QCJ3-WPGM-QPXH XWiki programming rights may be inherited by inclusion

Impact: The content of a document included using {{include reference="targetdocument"/}} is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the include macro...

CVSS: 9.9 | AI score: 7.1 | EPSS: 0.00342
Exploits: 0 | References: 10

Github Security Blog
added 2024/06/24 6:0 p.m. | 27 views

XWiki programming rights may be inherited by inclusion

Impact: The content of a document included using {{include reference="targetdocument"/}} is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the include macro...

CVSS: 9.9 | AI score: 7 | EPSS: 0.00342
Exploits: 0 | References: 10 | Affected Software: 1

CNNVD
added 2024/06/24 12:0 a.m. | 2 views

XWiki Platform Security Vulnerability

XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in versions of XWiki Platform prior to 15.0-rc-1, which stems from the possibility that programming privileges may be inherited via include, which could le...

CVSS: 9.9 | AI score: 6.7 | EPSS: 0.00342
Exploits: 0 | References: 3

Github Security Blog
added 2024/06/05 4:52 p.m. | 12 views

Authentication Bypass in TYPO3 CMS

It has been discovered that TYPO3’s Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing...

AI score: 6.9
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2024/05/30 1:49 p.m. | 15 views

GHSA-X4RJ-F7M6-42C3 TYPO3 CMS Authentication Bypass vulnerability

It has been discovered that TYPO3’s Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing...

CVSS: 7.5 | AI score: 6.9
Exploits: 0 | References: 3

Github Security Blog
added 2024/05/30 1:49 p.m. | 15 views

TYPO3 CMS Authentication Bypass vulnerability

It has been discovered that TYPO3’s Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing...

AI score: 6.9
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2024/05/21 4:15 p.m. | 4 views

AZL-47691 CVE-2023-52755 affecting package kernel for versions less than 5.15.140.1-1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab out of bounds write in smb_inherit_dacl slab out-of-bounds write is caused by that offsets is bigger than pntsd allocation size. This patch add the check to validate 3 offsets using allocation size...

CVSS: 8.4 | AI score: 6.8 | EPSS: 0.26864
Exploits: 0 | References: 1

OSV
added 2024/05/21 4:15 p.m. | 6 views

AZL-47639 CVE-2023-52755 affecting package kernel for versions less than 6.6.3.1-1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab out of bounds write in smb_inherit_dacl slab out-of-bounds write is caused by that offsets is bigger than pntsd allocation size. This patch add the check to validate 3 offsets using allocation size...

CVSS: 8.4 | AI score: 6.8 | EPSS: 0.26864
Exploits: 0 | References: 1

OSV
added 2024/05/21 4:15 p.m. | 3 views

DEBIAN-CVE-2023-52755

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab out of bounds write in smb_inherit_dacl slab out-of-bounds write is caused by that offsets is bigger than pntsd allocation size. This patch add the check to validate 3 offsets using allocation size...

CVSS: 8.4 | AI score: 6.3 | EPSS: 0.26864
Exploits: 0 | References: 1

Tenable Nessus
added 2024/05/17 12:0 a.m. | 17 views

GitLab 1.0 < 13.1.10 / 13.2 < 13.2.8 / 13.3 < 13.3.4 (CVE-2020-13308)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a...

CVSS: 4 | AI score: 5 | EPSS: 0.01641
Exploits: 0 | References: 4