287 matches found
CVE-2024-53220
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to account dirty data in __get_secs_required It will trigger system panic w/ testcase in [1]: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2752! RIP: 0010:new_curseg+0xc81/0x2110 Call Trace:...
CVE-2024-36623
A flaw was found in Moby's streamformatter package. This vulnerability allows data corruption or application crashes via multiple concurrent write operations triggered by a race condition. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet...
BIT-MATTERMOST-2024-42497
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to properly enforce permissions which allows a user with systems manager role with read-only access to teams to perform write operations on teams...
GO-2024-3091 Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server...
Mattermost Permission Issues Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a permissions issue vulnerability that stems from a failure to properly enforce permissions, which can be exploited by an attacker to perform write operations on a team...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is caused due to a failure to properly enforce permissions which allows a user with systems manager role with read-only access to teams to perform write operations on teams...
CVE-2024-42497
A flaw was found in the mattermost package where it fails to properly enforce permissions. This flaw allows a user with a system manager role and read-only access to perform write operations...
CVE-2024-42497 Insufficient permissions checks on teams
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to properly enforce permissions which allows a user with systems manager role with read-only access to teams to perform write operations on teams...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a permissions issue vulnerability that stems from a failure to properly enforce permissions, which can be exploited by an attacker to perform write operations on a team...
CVE-2024-5815
A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit...
CVE-2024-5815
A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit...
CVE-2024-5815 Cross Site Request Forgery was identified in GitHub Enterprise Server that allowed write in a user owned repository
A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit...
CVE-2024-5815
CVE-2024-5815 is a Cross-Site Request Forgery in GitHub Enterprise Server that permits write operations on a victim-owned repository when an attacker who is a trusted GHE user induces the victim to visit a tag in the attacker’s fork. The issue affects all GitHub Enterprise Server versions prior t...
CVE-2024-5815 Cross Site Request Forgery was identified in GitHub Enterprise Server that allowed write in a user owned repository
A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit...
CVE-2024-22280
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database...
CVE-2024-5633
Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports. An attacker with a knowledge of the available commands is able to perform...
CVE-2024-5633
Affected product: Longse model LBH30FE200W cameras and related devices. Vulnerability: unrestricted access to an undocumented binary service (CoolView) on a local network port, enabling an attacker to read/write device memory and potentially bypass Telnet login to gain full control. Impact (as st...
CVE-2024-5633
Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports. An attacker with a knowledge of the available commands is able to perform...
Fortinet FortiADC Security Vulnerability
Fortinet FortiADC is an application delivery controller from Fortinet, Inc. A security vulnerability exists in Fortinet FortiADC that stems from the presence of an improper access control vulnerability that allows a read-only authentication attacker to perform certain write operations via a craft...
CVE-2024-1305
tap-windows6 driver version 9.26 and earlier does not properly check the size data of incoming write operations which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code execution in kernel space...