3945 matches found

OSSF Malicious Packages
added 2024/10/16 1:11 p.m. | 4 views

Malicious code in plugin-transform-logical-assignment-operators (npm)

AI score: 7
Exploits: 0

Tenable Nessus
added 2024/10/16 12:0 a.m. | 21 views

Qnap QTS Incorrect Permission Assignment for Critical Resource (CVE-2024-21902)

An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the...

CVSS: 8.1 | AI score: 6.1 | EPSS: 0.00353
Exploits: 0 | References: 2

Veracode
added 2024/10/15 4:0 p.m. | 9 views

Incorrect Privilege Assignment

github.com/hashicorp/vault is vulnerable to Incorrect Privilege Assignment. The vulnerability is due to the mishandling of entries in an in-memory cache: a privileged operator could manipulate their cached record through an API endpoint on a node, potentially escalating their privileges to the...

CVSS: 7.2 | AI score: 6.5 | EPSS: 0.00528
Exploits: 0 | References: 4 | Affected Software: 1

Microsoft CVE
added 2024/10/15 12:0 a.m. | 2 views

CVE-2024-45015

...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00208
Exploits: 0

BDU FSTEC
added 2024/10/14 12:0 a.m. | 5 views

The vulnerability of the Windows Mobile Broadband Driver for Windows operating systems allows a hacker to induce a service failure.

The vulnerability of the Windows Mobile Broadband Driver for Windows operating systems is related to pointer assignment errors. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.00807
Exploits: 0 | References: 2

Japan Vulnerability Notes
added 2024/10/11 12:0 a.m. | 29 views

JVN#74538317: Multiple vulnerabilities in Exment

Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below: Incorrect Permission Assignment for Critical Resource (CWE-732), CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N, Base Score 3.8, CVE-2024-46897; Stored Cross-site Scripting (CWE-79)...

CVSS: 5.4 | AI score: 7.2 | EPSS: 0.00356
Exploits: 0

The Hacker News
added 2024/10/09 1:33 p.m. | 22 views

N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware

Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CL-STA-0240, is part of a campaign dubbed Contagious Interview tha...

AI score: 7.2
Exploits: 0

BDU FSTEC
added 2024/10/07 12:0 a.m. | 2 views

The vulnerability of Adobe Illustrator’s graphic editor, related to pointer assignment errors, allows a hacker to trigger a service failure.

The vulnerability of Adobe Illustrator’s graphic editor is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00215
Exploits: 0 | References: 2 | Affected Software: 2

BDU FSTEC
added 2024/10/07 12:0 a.m. | 2 views

The vulnerability of Adobe Illustrator’s graphic editor, related to pointer assignment errors, allows a hacker to trigger a service failure.

The vulnerability of Adobe Illustrator’s graphic editor is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00221
Exploits: 0 | References: 3 | Affected Software: 2

OSSF Malicious Packages
added 2024/10/04 12:9 p.m. | 2 views

Malicious code in vue-assignment (npm)

Source: ghsa-malware (af79d6208188b1a6f878e404ecc5d2609b1bbd40511af1c30e8f6124d5431de7). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.8
Exploits: 0 | References: 1

OSV
added 2024/10/04 12:9 p.m. | 3 views

MAL-2024-9091 Malicious code in vue-assignment (npm)

Source: ghsa-malware (af79d6208188b1a6f878e404ecc5d2609b1bbd40511af1c30e8f6124d5431de7). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 1

Cvelist
added 2024/10/02 3:19 p.m. | 17 views

CVE-2024-6360 Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in OpenText™ Vertica.

Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23...

CVSS: 6.9 | EPSS: 0.00309
Exploits: 0 | References: 1

CNNVD
added 2024/10/02 12:0 a.m. | 3 views

OpenText Vertica Security Vulnerability

OpenText Vertica is a relational database management system (RDBMS) from OpenText Canada that can efficiently store massive amounts of data. A security vulnerability exists in OpenText Vertica that stems from incorrect privilege assignment. The following versions are affected: versions 10.0 through...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00309
Exploits: 0 | References: 2

Veracode
added 2024/09/30 4:16 p.m. | 6 views

Privilege Escalation

code.gitea.io/gitea is vulnerable to Privilege Escalation. The vulnerability is due to the absence of proper permission checks in Gitea, which allows attackers to assign issues to projects without verifying whether they have the necessary access rights...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.0069
Exploits: 0 | References: 8 | Affected Software: 1

Veracode
added 2024/09/30 6:35 a.m. | 9 views

Incorrect Permission Assignment For Critical Resource

github.com/hashicorp/vault is vulnerable to Incorrect Permission Assignment for Critical Resource. The vulnerability is due to not requiring the validprincipals list to contain a value by default. An attacker could authenticate as any user on the host by using an SSH certificate requested by an...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.00271
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2024/09/25 12:0 a.m. | 2 views

Olgu Computer Systems e-Belediye Security Vulnerability

Olgu Computer Systems e-Belediye is an application from Olgu Computer Systems. A security vulnerability exists in Olgu Computer Systems e-Belediye prior to version 2.0.642, which arises from incorrect privilege assignment of externally controlled filenames or paths, and allows manipulation of Web...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.0041
Exploits: 0 | References: 2

CVE
added 2024/09/24 8:47 a.m. | 65 views

CVE-2024-9142

CVE-2024-9142 affects Olgu Computer Systems’ e-Belediye prior to version 2.0.642. The root cause is incorrect permission assignment for a critical resource, enabling external control of file name or path and allowing manipulation of web input to file system calls. According to connected sources, ...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.0041
Exploits: 0 | References: 2

Cvelist
added 2024/09/24 8:47 a.m. | 18 views

CVE-2024-9142 Local File Inclusion (LFI) in Olgu Computer Systems' e-Belediye

External Control of File Name or Path, Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls. This issue affects e-Belediye: before 2.0.642...

CVSS: 9.4 | EPSS: 0.0041
Exploits: 0 | References: 2

Vulnrichment
added 2024/09/24 8:47 a.m. | 14 views

CVE-2024-9142 Local File Inclusion (LFI) in Olgu Computer Systems' e-Belediye

External Control of File Name or Path, Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls. This issue affects e-Belediye: before 2.0.642...

CVSS: 9.4 | AI score: 5.8 | EPSS: 0.0041
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2024/09/23 3:50 p.m. | 2 views

Malicious code in tq-assignment-js (npm)

Source: ossf-package-analysis (7f3696cd235e903c072e0f059768eac6d02449c0391742e708b6ce69250e1a15). The OpenSSF Package Analysis project identified 'tq-assignment-js' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

AI score: 6.9
Exploits: 0