39 matches found
PT-2025-26717
Name of the Vulnerable Software and Affected Versions Safari versions prior to 18.5 macOS Sequoia versions prior to 15.5 Description A flaw allows a website to potentially spoof the domain name displayed in a pop-up window's title bar. This occurs due to improved truncation when displaying the...
CVE-2025-3517
Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username...
CVE-2025-3395
Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0...
CVE-2024-10359
In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. This allows an attacker to inject a different user ID into the preset object, causing the preset to appear in the UI of...
The vulnerability of the dmirror_device_evict_chunk() function in the lib/test_hmm.c module of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the dmirrordeviceevictchunk function in the lib/testhmm.c module of the Linux operating system is related to the assignment of pointers. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2024-10359
In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. This allows an attacker to inject a different user ID into the preset object, causing the preset to appear in the UI of...
CVE-2024-45657 IBM Security Verify Access incorrect privilege assignment
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment...
CVE-2024-11716
While assignment of a user to a team bracket in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing. This issue impacts releas...
CBL Mariner 2.0 Security Update: postgresql (CVE-2024-10978)
The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10978 advisory. - Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change...
AnythingLLM 安全漏洞
AnythingLLM is a document chatbot that meets business requirements. A security vulnerability exists in AnythingLLM that stems from allowing users with the Manager role to escalate their privileges to the Administrator role via a bulk assignment issue...
CVE-2024-1936
The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. Whil...
PT-2023-2236 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including 8.3.x Description: The issue is related to errors in permission assignment for files, which can allow a remote attacker to execute arbitrary...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...
GHSA-C7RM-W2HJ-X8G3 Guard bypass in Eloquent models affecting Laravel illuminate database component
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database component in some situations in which table names are stripped during a mass assignment...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...
CVE-2021-28696
IOMMU page mapping issues on x86 This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresse...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none...
IBM QRadar SIEM Incorrect Privilege Assignment Local Elevation of Privilege Vulnerability
IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. IBM QRadar SIEM...
[SECURITY] [DSA 173-1] New bugzilla packages fix privilege escalation
-------------------------------------------------------------------------- Debian Security Advisory DSA 173-1 [email protected] http://www.debian.org/security/ Martin Schulze October 9th, 2002 http://www.debian.org/security/faq -...