156 matches found

BDU FSTEC
added 2025/04/30 12:0 a.m. · 4 views

Vulnerability in the Server: Optimizer component of the MySQL Server database management system, which allows an attacker to cause a denial of service.

The vulnerability of the MySQL Server component of the database management system involves the improper assignment of permissions to a critical resource. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

CVSS 6.8 · AI score 6.4 · EPSS 0.00036
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2025/04/09 12:0 a.m. · 2 views

Inaba Denki Sangyo Wi-Fi AP UNIT security vulnerability

Inaba Denki Sangyo Wi-Fi AP UNIT is a Wi-Fi AP unit from Inaba Denki Sangyo, a Japanese company. A security vulnerability exists in Inaba Denki Sangyo Wi-Fi AP UNIT v2.0.03P and prior versions, which stems from an improperly assigned privilege that could lead to tampered settin...

CVSS 4.3 · AI score 9.1 · EPSS 0.00294
Exploits: 0 · References: 2

BDU FSTEC
added 2025/03/21 12:0 a.m. · 1 views

Vulnerability in the dcn10_log_color_state() function of the drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c driver module that allows an attacker to cause a denial of service. The vulnerability is related to the Direct Rendering Infrastructure (DRI) support for AMD graphics cards in Linux operating systems.

The vulnerability of the dcn10_log_color_state() function in the drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c driver module relates to the assignment of pointers. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 7.5 · AI score 5.9 · EPSS 0.00017
Exploits: 0 · References: 6 · Affected Software: 1

CNNVD
added 2025/02/04 12:0 a.m. · 3 views

IBM Security Verify Access security vulnerability

IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...

CVSS 6.7 · AI score 6.6 · EPSS 0.0002
Exploits: 0 · References: 1

OSV
added 2025/01/09 7:15 p.m. · 1 views

CVE-2024-13248

Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing. This issue affects Private content: from 0.0.0 before 2.1.0...

CVSS 5.5 · AI score 5.8 · EPSS 0.00172
Exploits: 0 · References: 1

Positive Technologies
added 2024/12/26 12:0 a.m. · 3 views

PT-2024-32444 · Huawei · Honor

Name of the Vulnerable Software and Affected Versions: Honor products (affected versions not specified). Description: The issue is related to an incorrect privilege assignment, which could lead to device service exceptions if successfully exploited. Recommendations: At the moment, there is no...

CVSS 5.5 · AI score 6.9 · EPSS 0.0006
Exploits: 0 · References: 6

CNNVD
added 2024/12/04 12:0 a.m. · 1 views

Devolutions Server product security vulnerability

Devolutions Server is an application from Devolutions Canada Inc. which provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.8.0 and prior versions, which stems from an incorrect assignment of privileges in...

CVSS 5 · AI score 6.8 · EPSS 0.00182
Exploits: 0 · References: 1

BDU FSTEC
added 2024/11/26 12:0 a.m. · 1 views

Vulnerability in the Group Membership Handler component of the Siemens SINEMA Remote Connect server that allows an attacker to gain unauthorized access to protected information.

The vulnerability of the Group Membership Handler component in the Siemens SINEMA Remote Connect server is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected...

CVSS 4.3 · AI score 7.2 · EPSS 0.00326
Exploits: 0 · References: 4

UbuntuCve
added 2024/11/22 9:15 p.m. · 13 views

CVE-2024-8805

BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within...

CVSS 8.8 · AI score 7.4 · EPSS 0.02589
Exploits: 0 · References: 23

CVE
added 2024/11/18 9:4 a.m. · 62 views

CVE-2024-41970

CVE-2024-41970 concerns multiple WAGO devices (e.g., CC100, Edge Controller 0752-8303/8000-0002, PFC100/200 series and related models) where a permissions misconfiguration on critical resources grants a low-privileged remote attacker access to forbidden diagnostic data. The issue is described as ...

CVSS 5.7 · AI score 5.7 · EPSS 0.00232
Exploits: 0 · References: 1

CNNVD
added 2024/11/18 12:0 a.m. · 1 views

Multiple WAGO products security vulnerability

WAGO PFC100 and others are products of WAGO, Germany. WAGO PFC100 is a programmable logic controller (PLC). WAGO CC100 0751-9x01 is a compact controller. WAGO Edge Controller 0752-8303/8000-0002 is a controller. A security vulnerability exists in a number of WAGO products. The vulnerability stems from...

CVSS 5.7 · AI score 6.8 · EPSS 0.00232
Exploits: 0 · References: 2

OSV
added 2024/11/14 1:15 p.m. · 2 views

DEBIAN-CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

CVSS 4.2 · AI score 6.3 · EPSS 0.00613
Exploits: 0 · References: 1

OSV
added 2024/11/14 1:15 p.m. · 1 views

AZL-53209 CVE-2024-10978 affecting package postgresql for versions less than 16.5-1

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

CVSS 4.2 · AI score 7.2 · EPSS 0.00613
Exploits: 0 · References: 1

OSV
added 2024/11/14 1:15 p.m. · 0 views

UBUNTU-CVE-2024-10978

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

CVSS 4.2 · AI score 6.7 · EPSS 0.00613
Exploits: 0 · References: 5

Positive Technologies
added 2024/11/14 12:0 a.m. · 2 views

PT-2024-8667 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.3 through 17.4.2; GitLab CE/EE versions 17.5 through 17.5.4; GitLab CE/EE versions 17.6 through 17.6.2. Description: The issue allows an attacker to create a group with a name matching an existing unique Pages domain,...

CVSS 7.5 · AI score 7 · EPSS 0.00017
Exploits: 0 · References: 17

Positive Technologies
added 2024/09/24 12:0 a.m. · 2 views

PT-2024-39453

Name of the Vulnerable Software and Affected Versions: Olgu Computer Systems e-Belediye versions prior to 2.0.642. Description: The issue allows external control of file name or path due to incorrect permission assignment for critical resources, enabling manipulation of web input to file system call...

CVSS 9.8 · AI score 5.8 · EPSS 0.00094
Exploits: 0 · References: 10

RedHat Linux
added 2024/09/18 4:7 p.m. · 1 views

pulpcore: RBAC permissions incorrectly assigned in tasks that create objects

A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user...

CVSS 8.3 · AI score 6.8 · EPSS 0.00044
Exploits: 0 · References: 6

CNNVD
added 2024/09/07 12:0 a.m. · 2 views

Veeam ONE security vulnerability

Veeam ONE is a suite of IT monitoring and reporting tools from Veeam USA. The product supports features such as backup monitoring, operational status monitoring of virtual and physical environments. A security vulnerability exists in Veeam ONE version 12.1.0.3208 and previous versions 12, which...

CVSS 7.5 · AI score 7.5 · EPSS 0.00136
Exploits: 0 · References: 2

Cvelist
added 2024/08/07 4:49 p.m. · 20 views

CVE-2024-7143 Pulpcore: rbac permissions incorrectly assigned in tasks that create objects

A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user...

CVSS 6.7 · EPSS 0.00044
Exploits: 0 · References: 5

CNNVD
added 2024/08/05 12:0 a.m. · 3 views

Zexeron ZWX-2000CSW2-HN security vulnerability

The Zexeron ZWX-2000CSW2-HN is a high-speed coaxial modem from Zexeron Japan. A security vulnerability exists in the Zexeron ZWX-2000CSW2-HN prior to version 0.3.15, which stems from incorrect privilege assignment for critical resources and could allow a network-adjacent...

CVSS 8 · AI score 7.7 · EPSS 0.00179
Exploits: 0 · References: 3