14 matches found
Authorization Bypass
Netmaker is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization logic in the Authorize middleware, where a valid host JWT token is accepted when hostAllowed=true without verifying that the host is authorized to access the specific target resource, allowing acces...
CVE-2025-69233
Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are able to exceed the allocation limits configured for their accounts/domains. This can be used by an attacker to degrade the...
Craft CMS security vulnerability
Craft CMS is an open-source content management system developed by Craft CMS. Versions prior to 4.17.8 and 5.9.14 of Craft CMS had security vulnerabilities. These vulnerabilities stemmed from the lack of enforceable resource authorization checks, which could allow unauthorized access to transform...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check resource validity, which could result in a null pointer dereference...
A vulnerability in the firmware of the fTPM driver for AMD processors allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the firmware of the fTPM driver for AMD processors is due to improper checking of resource allocation values and execution of calculations. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and availability of protected...
SUSE CVE-2018-8043
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference)...
GHSA-QF8X-VQJV-92GR Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter
Impact: Weak validation of the Apple certificate URL in the Apple Game Center authentication adapter allows authentication to be bypassed and makes the server vulnerable to DoS attacks. Patches: The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource...
CVE-2022-24901
Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource th...
CVE-2022-24901 Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter
Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource th...
Botkube - An App That Helps You Monitor Your Kubernetes Cluster, Debug Critical Deployments And Gives Recommendations For Standard Practices
For complete documentation visit www.botkube.io BotKube integration with Slack, Mattermost or Microsoft Teams helps you monitor your Kubernetes cluster, debug critical deployments and gives recommendations for standard practices by running checks on the Kubernetes resources. You can also ask...
A vulnerability in the Apport error registration service arises from insufficient checks on the status of a shared resource. This allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability in the Apport error logging service exists due to insufficient checks on the status of the shared resource. Exploiting this vulnerability can allow attackers to escalate their privileges and execute arbitrary code...
A vulnerability in the fsnotify package in the Linux operating system allows an attacker to cause a denial of service or escalate privileges.
The vulnerability in the fsnotify package in Linux operating systems exists due to insufficient checking of resource states under concurrent use, when the inotify_handle_event and vfs_rename functions are executed simultaneously. Exploiting this vulnerability allows a local attack...
A vulnerability in the Junos operating system that allows an attacker to escalate privileges
The vulnerability in the Junos operating system exists due to insufficient checks on the status of resources when they can be used concurrently. Exploiting this vulnerability allows a malicious actor to escalate their privileges using the URL parameter...
A vulnerability in the DNS BIND server that allows attackers to cause a denial of service
The vulnerability in the DNS BIND server exists due to insufficient checks on the status of the shared resource. Exploiting this vulnerability allows a malicious actor to cause a denial of service, such as an INSIST assertion failure and termination of the daemon process...