3943 matches found
Incorrect Permission Assignment for Critical Resource
Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using os.MkdirAll function which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...
Incorrect Permission Assignment for Critical Resource
Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using os.MkdirAll function which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...
Incorrect Permission Assignment for Critical Resource
Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using os.MkdirAll function which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...
CVE-2025-10644 Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
DEBIAN-CVE-2023-53268
In the Linux kernel, the following vulnerability has been resolved: ASoC: fslmqs: move ofnodeput to the correct location ofnodeput should have been done directly after mqspriv-regmap = sysconnodetoregmapgprnp; otherwise it creates a reference leak on the success path. To fix this, ofnodeput is...
CVE-2023-53268 ASoC: fsl_mqs: move of_node_put() to the correct location
In the Linux kernel, the following vulnerability has been resolved: ASoC: fslmqs: move ofnodeput to the correct location ofnodeput should have been done directly after mqspriv-regmap = sysconnodetoregmapgprnp; otherwise it creates a reference leak on the success path. To fix this, ofnodeput is...
AZL-71227 CVE-2023-53218 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...
DEBIAN-CVE-2023-53218
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...
UBUNTU-CVE-2023-53218
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...
CVE-2023-53218
The CVE-2023-53218 entry concerns the Linux kernel rxrpc path. A call created by sendmsg() could be aborted only after a connection assignment, but interrupted scheduling could cause subsequent sendmsg() calls to fail with EBUSY until an assignment occurs. The fix ensures that such a waiting rxrp...
CVE-2023-53218 rxrpc: Make it so that a waiting process can be aborted
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...
CVE-2023-53218 rxrpc: Make it so that a waiting process can be aborted
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...
CVE-2022-50270 f2fs: fix the assign logic of iocb
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix the assign logic of iocb commit 18ae8d12991b "f2fs: show more DIO information in tracepoint" introduces iocb field in 'f2fsdirectIOenter' trace event And it only assigns the pointer and later it accesses its field in...
SUSE CVE-2025-39797
In the Linux kernel, the following vulnerability has been resolved: xfrm: Duplicate SPI Handling The issue originates when Strongswan initiates an XFRMMSGALLOCSPI Netlink message, which triggers the kernel function xfrmallocspi. This function is expected to ensure uniqueness of the Security...
Security Bulletin: IBM QRadar SIEM is affected by by improper permission assignment (CVE-2025-0164)
Summary IBM QRadar SIEM is affected by improper permission assignment. Local privileged users may perform unauthorized actions on configuration files. IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-0164 DESCRIPTION: IBM QRadar SIEM could allow a local...
CVE-2025-10224
The CVE-2025-10224 entry concerns AxxonSoft Axxon One (C-Werk) prior to or equal to 2.0.2 on Windows, where the LDAP authentication engine improperly evaluates nested LDAP group memberships. This allows a remote authenticated user to be denied access or receive misassigned roles during login. The...
AxxonSoft AxxonOne 安全漏洞
AxxonSoft AxxonOne is a video surveillance and security management software from AxxonSoft Ireland. A security vulnerability exists in AxxonSoft AxxonOne version 2.0.2 and earlier, which stems from improper authentication of the LDAP authentication engine and could result in access denial or role...
GHSA-HJFH-P8F5-24WR Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
Summary The OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate their privileges to owner-level. Details When creating or updating OAuth...
Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
Summary The OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate their privileges to owner-level. Details When creating or updating OAuth...
PT-2025-36510
Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.69.1 Description: Fides is an open-source privacy engineering platform. The OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly...