CVE-2024-12149

Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested...

CVE-2024-12151

Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets...

CVE-2024-12149

Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested...

CVE-2024-12149

Affected software: Devolutions Remote Desktop Manager (Windows) up to version 2024.3.19.0 and earlier. Issue: Incorrect permission assignment in the Temporary Access Requests component, enabling an authenticated user who requests temporary permissions on an entry to obtain more privileges than re...

CVE-2024-12151

Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets...

CVE-2024-12151

CVE-2024-12151 affects Devolutions Server (versions 2024.3.8.0 and earlier) due to an incorrect permission assignment in the User Migration feature, allowing users to retain their old permission sets. The vulnerable component is the User Migration feature; root cause: incorrect permission handlin...

CVE-2024-12151

Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets...

QNAP Notes Station 3 Resource Privilege Assignment Error Vulnerability

QNAP Notes Station 3 is a private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. QNAP Notes Station 3 suffers from a Resource Privilege Assignment Error vulnerability that stems from the...

JVN#46615026: Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX

UD-LT1 and UD-LT1/EX provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2024-45841 OS Command Injection CWE-78...

The vulnerability of the websReadEvent() function in the microprogramming software for Tenda FH451, Tenda FH1201, Tenda FH1202, and Tenda FH1206 allows a hacker to trigger a service failure.

The vulnerability of the websReadEvent function in the microprogramming software for Tenda FH451, Tenda FH1201, Tenda FH1202, and Tenda FH1206 is related to pointer assignment errors. Exploiting this vulnerability could allow a malicious actor to cause service failure by sending specially crafted...

Ubuntu: Security Advisory (USN-7132-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7132-1: PostgreSQL vulnerabilities

It was discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this issue to perform forbidden reads and modifications. CVE-2024-10976 Jacob Champion discovered that PostgreSQL clients used untrusted server error messages. An attacker that is...

The vulnerability of the hisi_sas component in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the hisisas component in the Linux operating system is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the installer for Intel Advanced Link Analyzer, a tool for analyzing and optimizing network connections, allows a hacker to enhance their privileges.

The vulnerability of the Intel Advanced Link Analyzer, a tool for analyzing and optimizing network connections, is related to errors in privilege assignment. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of the wmi_char_open() function in Linux operating system kernels, which allows a hacker to cause a service failure

The vulnerability of the wmicharopen function in Linux operating system kernels is related to the lack of binding of the driver to the device due to a pointer assignment error. Exploiting this vulnerability can allow an attacker to trigger a service failure...

The vulnerability of the Spectrum Power 7 software, related to incorrect privilege assignment, allows a perpetrator to elevate their privileges.

The vulnerability of the Spectrum Power 7 software is related to the improper assignment of privileges by running binary files with the SUID privilege. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab

Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...

CBL Mariner 2.0 Security Update: postgresql (CVE-2024-10978)

The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10978 advisory. - Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change...

CVE-2024-9245

Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the...

CVE-2024-9244

Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the...