106 matches found
CVE-2025-48902
CVE-2025-48902 affects Huawei HarmonyOS/EMUI and is described as a vulnerability in the setting module leading to potential availability impact. Public documentation in connected sources provides CVSS metrics (AV:L, AC:H, PR:L, UI:R, S:C, C:L/I:L/A:H) and notes exploitation is not detailed in the...
CVE-2024-21902
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the...
CVE-2023-31454
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0...
CVE-2023-46142
A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices...
CVE-2020-9227
Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this...
CVE-2025-3394
Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0...
CVE-2025-2442
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could potentially lead to unauthorized access which could result in the loss of confidentially, integrity and availability when a malicious user, having physical access, sets the radio to the factory default...
RHEL 7 : openstack-cinder, openstack-glance, and openstack-nova update (Moderate) (RHSA-2016:2991)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2991 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...
Gradio 资源管理错误漏洞
Gradio, an open source Python library from Gradio Open Source, is a method for demonstrating machine learning models through a friendly web interface. A resource management error vulnerability exists in Gradio version 98cbcae, which stems from a regular expression used by the gr.Datetime componen...
Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode...
Atlassian Confluence 3.x < 7.19.29 / 8.0.x < 8.5.17 / 8.6.x < 8.9.8 / 9.0.1 < 9.1.1 (CONFSERVER-98484)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98484 advisory. - Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An...
Unauthorized Resource Access
github.com/rancher/steve is vulnerable to Unauthorized Resource Access. The vulnerability is due to improper authorization checks, allowing users with minimal generic permissions to access and watch restricted resources...
Siemens SCALANCE M-800 Missing Release of Resource after Effective Lifetime (CVE-2024-28882)
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVE...
RHEL 7 : openstack-cinder (RHSA-2017:0156)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0156 advisory. OpenStack Block Storage cinder manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical...
Insecure Default Initialization Of Resource
org.apache.solr, solr-core is vulnerable to Insecure Default Initialization of Resource. The vulnerability is due to the failure to set the "trusted" metadata when ConfigSets are created via a Restore command from a backup, allowing unauthorized ConfigSets to be trusted and potentially load custo...
Linux kernel 资源管理错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a dependency checking issue in the RDMA/iwcm component during a flushworkqueue call...
BIT-SOLR-2024-45217 Apache Solr: ConfigSets created during a backup restore command are trusted implicitly
Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted...
CVE-2024-45217
Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted...
CVE-2024-45217
CVE-2024-45217 describes an insecure default initialization of resources in Apache Solr. New ConfigSets created via Restore may be created without the trusted metadata, causing some ConfigSets to be implicitly trusted and potentially able to load custom code into classloaders. The issue affects S...
Axis Communications Autodesk Plugin AxisAddin axisapphelpfiles Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Axis Communications Autodesk Plugin. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a cloud resource. The issue results from allowi...