1219 matches found
PostgreSQL -- SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
PostgreSQL project reports: Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when...
Vulnerability in core server (CVE-2024-10978)
PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an...
Siemens SINEC NMS Privilege Assignment Error Vulnerability
SINEC NMS is a new generation network management system for digital enterprises. The system enables centralized monitoring, management and configuration of the network. A privilege assignment error vulnerability exists in Siemens SINEC NMS, which can be exploited by an attacker to write arbitrary...
The vulnerability of HashiCorp’s Vault and Vault Enterprise storage platforms, which involves improper privilege assignment, allows attackers to escalate their privileges.
The vulnerability of the HashiCorp Vault and Vault Enterprise archiving platforms for corporate information lies in improper privilege assignment. Exploiting this vulnerability can allow a malicious actor, operating remotely, to enhance their privileges...
CVE-2024-50506
CVE-2024-50506 affects WordPress Marketing Automation by AZEXO plugin (versions
PT-2024-34281 · Unknown · Matt Whiteman Bulk Change Role
Name of the Vulnerable Software and Affected Versions: Matt Whiteman Bulk Change Role versions n/a through 1.1 Description: The issue is related to an Incorrect Privilege Assignment vulnerability that allows Privilege Escalation in Matt Whiteman Bulk Change Role. Recommendations: For Matt Whitema...
PT-2024-34282 · Azexo · Marketing Automation
Name of the Vulnerable Software and Affected Versions: Marketing Automation by AZEXO versions 1.27.80 and earlier Description: The issue is related to an Incorrect Privilege Assignment, which allows Privilege Escalation. Recommendations: For versions 1.27.80 and earlier, at the moment, there is n...
CVE-2024-50550
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Privilege Escalation. This issue affects LiteSpeed Cache: from n/a through 6.5.1...
CVE-2024-50550 WordPress LiteSpeed Cache plugin <= 6.5.1 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation. This issue affects LiteSpeed Cache: from n/a through <= 6.5.1...
CVE-2024-50485
Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix exam-matrix allows Privilege Escalation. This issue affects Exam Matrix: from n/a through <= 1.5...
CVE-2024-50481
Incorrect Privilege Assignment vulnerability in stackthemes Bstone Demo Importer bstone-demo-importer allows Privilege Escalation. This issue affects Bstone Demo Importer: from n/a through <= 1.0.1...
PT-2024-34258 · Unknown · Bstone Demo Importer
Name of the Vulnerable Software and Affected Versions: Bstone Demo Importer versions 1.0.1 and earlier Description: The issue is related to an Incorrect Privilege Assignment vulnerability, which allows for Privilege Escalation. Recommendations: For Bstone Demo Importer versions 1.0.1 and earlier,...
Siemens InterMesh Subscriber Devices Incorrect Privilege Assignment Vulnerability
InterMesh is a wireless alarm reporting system that uses mesh wireless network technology to transmit alarm signals. An incorrect privilege assignment vulnerability exists in Siemens InterMesh Subscriber Devices, which is due to an affected device containing a SUID binary file that can be exploit...
ROS-20241023-03
A vulnerability in HashiCorp's Vault and Vault Enterprise enterprise information archiving platforms is related to improper privilege assignment. Exploitation of the vulnerability could allow an attacker, acting remotely, to escalate privileges...
Siemens InterMesh Subscriber Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2024-49608
Incorrect Privilege Assignment vulnerability in gerryworks GERRYWORKS Post by Mail gerryworks-post-by-mail allows Privilege Escalation. This issue affects GERRYWORKS Post by Mail: from n/a through <= 1.0...
CVE-2024-49217
Incorrect Privilege Assignment vulnerability in madiriaashish Adding drop down roles in registration user-drop-down-roles-in-registration allows Privilege Escalation. This issue affects Adding drop down roles in registration: from n/a through <= 1.1...
CVE-2024-49217
CVE-2024-49217 concerns the WordPress plugin Adding drop down roles in registration (versions
CVE-2024-49322 WordPress Job Board Manager for WordPress plugin <= 1.0 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress jemployee allows Privilege Escalation. This issue affects Job Board Manager for WordPress: from n/a through <= 1.0...