3945 matches found

Redos
added 2025/02/13 12:0 a.m. | 10 views

ROS-20250212-11

A vulnerability in the Nomad application orchestrator is related to improper assignment of namespace privileges via unedited workload identification tokens. Exploitation of the vulnerability could allow an attacker acting remotely to access sensitive information...

CVSS 6.5 | AI score 6.5 | EPSS 0.00521
Exploits: 0
NVD
added 2025/02/12 10:15 p.m. | 27 views

CVE-2024-39286

Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via local access...

CVSS 3.3 | EPSS 0.00226
Exploits: 0 | References: 1
CVE
added 2025/02/12 1:27 p.m. | 159 views

CVE-2025-21697

CVE-2025-21697 affects the Linux kernel DRM/v3d driver. After a job completes, the corresponding device pointer must be set to NULL; failing to do so triggers a warning during driver unload, since it can appear the job is still active. The fix is to assign the job pointer to NULL after completion...

CVSS 5.5 | AI score 6.5 | EPSS 0.00213
Exploits: 0 | References: 9 | Affected Software: 1
BDU FSTEC
added 2025/02/12 12:0 a.m. | 3 views

The vulnerability of the Linux operating system’s kernel, related to the assignment of the NULL pointer, allows a hacker to trigger a service failure.

The vulnerability of the Linux operating system’s kernel is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 4.7 | AI score 6.4 | EPSS 0.00187
Exploits: 0 | References: 7 | Affected Software: 1
Ivanti
added 2025/02/11 3:0 p.m. | 717 views

N-MDM - Security Advisory Ivanti Neurons for MDM (N-MDM)

Summary Ivanti has released updates for Ivanti Neurons for MDM N-MDM which addresses a medium severity vulnerability. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details: Description | CVSS Score Severity | CVSS Vector | CWE...

AI score 7.1
Exploits: 0
CNNVD
added 2025/02/11 12:0 a.m. | 2 views

Fortinet FortiOS Security Vulnerability

FortiOS is a core network security operating system developed by Fortinet, widely used in FortiGate next-generation firewall, providing users with firewall, VPN, intrusion prevention, application control and other security functions. An elevation of privilege vulnerability exists in Fortinet...

CVSS 8.8 | AI score 6.9 | EPSS 0.00574
Exploits: 0 | References: 2
Tenable Nessus
added 2025/02/10 12:0 a.m. | 19 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-35972)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-35972 advisory. - In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix possible memory leak in...

CVSS 5.5 | AI score 5.9 | EPSS 0.00225
Exploits: 0 | References: 2
Tenable Nessus
added 2025/02/10 12:0 a.m. | 3 views

Azure Linux 3.0 Security Update: postgresql (CVE-2024-10978)

The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10978 advisory. - Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change...

CVSS 4.2 | AI score 6.4 | EPSS 0.00705
Exploits: 0 | References: 2
Tenable Nessus
added 2025/02/10 12:0 a.m. | 5 views

Azure Linux 3.0 Security Update: azcopy / cni / containernetworking-plugins / cri-o / git-lfs / golang / kata-containers (CVE-2022-29526)

The version of azcopy / cni / containernetworking-plugins / cri-o / git-lfs / golang / kata-containers installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-29526 advisory. - Go before 1.17.10 and 1.18....

CVSS 5.3 | AI score 7 | EPSS 0.02593
Exploits: 1 | References: 2
IBM Security Bulletins
added 2025/02/07 4:31 p.m. | 18 views

Security Bulletin: Weak authorization IBM Business Automation Workflow - CVE-2024-49348

Summary: IBM Business Automation Workflow is vulnerable and may return sensitive information in unexpected scenarios. Vulnerability Details: CVEID: CVE-2024-49348 DESCRIPTION: IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2,...

CVSS 6.5 | AI score 6.2 | EPSS 0.00237
Exploits: 0 | Affected Software: 2
RedhatCVE
added 2025/02/06 2:26 a.m. | 3 views

CVE-2025-22736

Incorrect Privilege Assignment vulnerability in Saad Iqbal User Management user-management allows Privilege Escalation. This issue affects User Management: from n/a through <= 1.2...

CVSS 8.8 | AI score 7.2 | EPSS 0.00418
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 10:59 p.m. | 6 views

CVE-2022-1316

Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation...

CVSS 8.8 | AI score 7.5 | EPSS 0.00392
Exploits: 1 | References: 1
RedhatCVE
added 2025/02/05 9:22 p.m. | 6 views

CVE-2022-2626

Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6...

CVSS 9.1 | AI score 6.8 | EPSS 0.01035
Exploits: 1 | References: 1
RedhatCVE
added 2025/02/05 11:50 a.m. | 12 views

CVE-2024-7297

Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint...

CVSS 8.8 | AI score 7 | EPSS 0.21346
Exploits: 1 | References: 1
Cvelist
added 2025/02/05 11:30 a.m. | 31 views

CVE-2024-49348 IBM Cloud Pak for Business Automation incorrect privilege assignment

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly...

CVSS 4.3 | EPSS 0.00237
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 10:1 a.m. | 16 views

CVE-2024-3375

Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dialogue: from v1.83 before v1.83.1 or v1.84...

CVSS 9.4 | AI score 5.8 | EPSS 0.00465
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 9:22 a.m. | 5 views

CVE-2024-56040

Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation. This issue affects VibeBP: from n/a through <= 1.9.9.4.1...

CVSS 9.8 | AI score 7.4 | EPSS 0.00733
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 6:51 a.m. | 1 views

CVE-2024-50550

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation. This issue affects LiteSpeed Cache: from n/a through <= 6.5.1...

CVSS 9.8 | AI score 7.4 | EPSS 0.00913
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 6:45 a.m. | 5 views

CVE-2024-50485

Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix exam-matrix allows Privilege Escalation. This issue affects Exam Matrix: from n/a through <= 1.5...

CVSS 9.8 | AI score 5.9 | EPSS 0.00955
Exploits: 1 | References: 1
RedhatCVE
added 2025/02/05 6:45 a.m. | 2 views

CVE-2024-50504

Incorrect Privilege Assignment vulnerability in webxmedia Bulk Change Role bulk-role-change allows Privilege Escalation. This issue affects Bulk Change Role: from n/a through <= 1.1...

CVSS 8.8 | AI score 5.9 | EPSS 0.00469
Exploits: 0 | References: 1