3949 matches found
Mozilla: Race condition in permission assignment
The Mozilla Foundation Security Advisory describes this flaw as: A race condition could lead to a cross-origin container obtaining permissions of the top-level origin...
Malicious code in sap-assignment (npm)
Source: ossf-package-analysis (47d1b76106e614ad1a145fb325f92b2c7ffde3c2861bec84464a3cb2b6574fd9). The OpenSSF Package Analysis project identified 'sap-assignment' @ 0.0.0 (npm) as malicious. It is considered malicious because: - The package...
MAL-2024-7571 Malicious code in sap-assignment (npm)
Source: ossf-package-analysis (47d1b76106e614ad1a145fb325f92b2c7ffde3c2861bec84464a3cb2b6574fd9). The OpenSSF Package Analysis project identified 'sap-assignment' @ 0.0.0 (npm) as malicious. It is considered malicious because: - The package...
ALSA-2024:4500 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 CVE-2024-6604 Mozilla: Race condition in permission assignment CVE-2024-6601...
Siemens RUGGEDCOM ROS Incorrect Privilege Assignment Vulnerability
Siemens RuggedCom ROS is an operating system from Siemens, Germany, used in the RuggedCom series of switches. An incorrect privilege assignment vulnerability exists in Siemens RUGGEDCOM ROS, which can be exploited by an attacker to create a remote shell for an affected system...
Siemens SINEMA Remote Connect Server Critical Resource Permission Assignment Incorrect Vulnerability
Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. Siemens SINEMA Remote Connect Server suffers from an incorrect assignment of critical resource...
SUSE: Security Advisory (SUSE-SU-2024:2371-1)
The remote host is missing an update for the...
SUSE-SU-2024:2371-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 115.13.0 ESR MFSA 2024-30, bsc1226316: - CVE-2024-6600: Memory corruption in WebGL API - CVE-2024-6601: Race condition in permission assignment - CVE-2024-6602: Memory corruption in NSS -...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An information disclosure vulnerability exists in multiple Mozilla...
Siemens RUGGEDCOM
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2024-37132
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Elevation of privileges...
CVE-2024-37132
Dell PowerScale OneFS
The vulnerability of the Anti-Malware Service component of VIPRE Advanced Security software allows a hacker to increase their privileges.
The vulnerability of the Anti-Malware Service component in VIPRE Advanced Security software is related to improper privilege assignment. Exploiting this vulnerability allows attackers to enhance their privileges and circumvent security restrictions...
CVE-2024-31912
IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894...
CVE-2024-31912 IBM MQ privilege escalation
IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894...
The vulnerability of the NVIDIA Virtual GPU Manager driver, which allows a hacker to elevate their privileges or cause service interruptions.
The vulnerability of the NVIDIA Virtual GPU Manager driver relates to the improper assignment of privileges. Exploiting this vulnerability allows an attacker to enhance their privileges or cause service interruptions...
CVE-2024-0949
CVE-2024-0949 affects Talya Informatics’ Elektraweb prior to 17.0.68. The issue is described as Missing Authentication and Use of Hard-coded Credentials that enables Authentication Bypass due to improper access control, potentially exposing files/directories externally and impacting confidentiali...
Elektraweb Trust Management Issues Vulnerability
Elektraweb is a cloud-hosted web-based hotel program from Elektraweb, Turkey. A trust management issue vulnerability exists in Elektraweb versions prior to v17.0.68, which stems from a security issue where the system suffers from improper access control, lack of authorization, incorrect...