3947 matches found
Siemens RUGGEDCOM Incorrect Privilege Assignment (CVE-2024-38278)
The affected products with IP forwarding enabled wrongly make available certain remote services in non-managed VLANs, even if these services are not intentionally activated. An attacker could leverage this vulnerability to create a remote shell to the affected system. This plugin only works with...
CVE-2024-7143
A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user...
CVE-2024-7143
CVE-2024-7143 – Affected: Pulp RBAC object creation using AutoAddObjPermsMixin; root cause is that the system determines the object creator from the current authenticated user, which on tasks is inherited from the oldest user with task permissions. As a result, permissions on objects created with...
ROS-20240725-08
A vulnerability in the NVIDIA GPU Display Driver software driver for Linux is related to writing outside of memory boundaries. Exploitation of the vulnerability could allow an attacker to elevate privileges, disclose sensitive information, or spoof data. A vulnerability in the NVIDIA GPU Display...
Pulp Security Vulnerability
Pulp is an open source project from Pulp Open Source that enables developers to easily fetch, upload and distribute software packages locally or in the cloud. A security vulnerability exists in Pulp that stems from a problem with the way role-based access control objects are assigned permissions ...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2024:2790-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2790-1 advisory. Update to Mozilla Thunderbird 115.13 MFSA 2024-31, bsc1226316: Security fixes: - CVE-2024-6600:...
Incorrect Permission Assignment For Critical Resource
github.com/snapcore/snapd is vulnerable to Incorrect Permission Assignment for Critical Resource. The vulnerability is due to the improper restriction of writes to the $HOME/bin path. An attacker can execute arbitrary scripts outside of the expected snap sandbox, potentially allowing them to esca...
CVE-2024-41720
Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device...
CVE-2024-41720
CVE-2024-41720 affects ZWX-2000CSW2-HN firmware versions prior to 0.3.15. The issue is an incorrect permission assignment for a critical resource (CWE-732) that may permit a network-adjacent authenticated attacker to alter the device configuration. Impact is reported as high (C/I/A: HIGH) with an...
JVN#70666401: Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN
ZWX-2000CSW2-HN provided by ZEXELON CO., LTD. is a high-speed coaxial modem with wireless LAN functions. ZWX-2000CSW2-HN contains multiple vulnerabilities listed below. Use of hard-coded credentials (CWE-798), CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N, Base Score 4.5, CVE-2024-39838. Incorrect...
PT-2024-28901 · Unknown · Pantera Crm
Name of the Vulnerable Software and Affected Versions: Pantera CRM versions 401.152 through 402.072. Description: A mass assignment issue exists, allowing authenticated users to modify any user attribute, including roles, by injecting additional parameters via profile management functions...
CVE-2024-31202
A “CWE-732: Incorrect Permission Assignment for Critical Resource” in the ThermoscanIP installation folder allows a local attacker to perform a Local Privilege Escalation...
PT-2024-23846 · Unknown · Thermoscanip
Name of the Vulnerable Software and Affected Versions: ThermoscanIP (affected versions not specified). Description: A critical issue in the ThermoscanIP installation folder, related to incorrect permission assignment, allows a local attacker to perform a Local Privilege Escalation. This issue is...
Plug and Track Thermoscan IP Security Vulnerability
Plug and Track Thermoscan IP is a simple device from the French company Plug and Track. It is used to monitor the temperature and humidity of refrigerators, freezers, incubators, and other devices. A security vulnerability exists in Plug and Track Thermoscan IP that stems from incorrect privilege...
A vulnerability in Acronis Agent, a software protection tool in Acronis Cyber Protect 15, allows an attacker to gain unauthorized access to protected information.
A vulnerability in Acronis Agent, a software solution for data protection within Acronis Cyber Protect 15, is related to insufficient protection of operational data due to improper privilege assignment. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthoriz...
CVE-2024-7297
Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint...
CVE-2024-7297 Langflow Privilege Escalation
Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint...