The vulnerability of the XWiki platform, which is related to incorrect privilege assignment, allows a perpetrator to execute arbitrary code.

The XWiki platform has a vulnerability related to incorrect privilege assignment. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

The vulnerability of Adobe Audition’s audio editor, related to pointer assignment errors, allows a hacker to trigger a service failure.

The vulnerability of Adobe Audition is related to errors in pointer assignment. Exploiting this vulnerability can allow an attacker to trigger a service failure using a specially created malicious file...

CVE-2024-38605

In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix NULL module pointer assignment at card init The commit 81033c6b584b "ALSA: core: Warn on empty module" introduced a WARNON for a NULL module pointer passed at sndcard object creation, and it also wraps the code...

VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Anti...

CVE-2024-38605

In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix NULL module pointer assignment at card init The commit 81033c6b584b "ALSA: core: Warn on empty module" introduced a WARNON for a NULL module pointer passed at sndcard object creation, and it also wraps the code...

CVE-2024-38605 ALSA: core: Fix NULL module pointer assignment at card init

In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix NULL module pointer assignment at card init The commit 81033c6b584b "ALSA: core: Warn on empty module" introduced a WARNON for a NULL module pointer passed at sndcard object creation, and it also wraps the code...

Toshiba e-STUDIO2518A vsftpd Incorrect Permission Assignment Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected installations of Toshiba e-STUDIO2518A printers. Authentication is required to exploit this vulnerability. The specific flaw exists within the vsftpd daemon. The issue results from incorrect permissions set on folders...

CVE-2024-1469

Rejected reason: REJECT Duplicate assignment. Please use CVE-2024-0845 instead...

CVE-2024-3498 Incorrect Permission Assignment Privilege Escalation Vulnerability

Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL...

Rockwell Automation FactoryTalk View SE

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk View SE Vulnerability : Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...

GO-2024-2780 Kubelet Incorrect Privilege Assignment in k8s.io/kubernetes

Kubelet Incorrect Privilege Assignment in k8s.io/kubernetes...

GO-2024-2769 Gitea allowed assignment of private issues in code.gitea.io/gitea

Gitea allowed assignment of private issues in code.gitea.io/gitea...

CVE-2024-5127

In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of role...

CVE-2024-30369

A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in...

CVE-2024-30369 A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability

A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in...

CVE-2024-30369 A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability

A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in...

Microsoft Azure SQL Managed Instance Documentation SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulnerability to launch a supply-chain attac...

SUSE CVE-2022-3424

A use-after-free flaw was found in the Linux kernel's SGI GRU driver in the way the first grufileunlockedioctl function is called by the user, where a fail pass occurs in the grucheckchipletassignment function. This flaw allows a local user to crash or potentially escalate their privileges on the...

RHEL 6 : gradle (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gradle: Possible local text file exfiltration by XML External entity injection CVE-2023-42445 - gradle:...

CVE-2024-29078

Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product settings...