3949 matches found
CVE-2024-29078
Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product settings...
IdentiBot Security Vulnerability
IdentiBot is an open source Discord bot at MIT University written in Node.js that is used to verify an individual's affiliation with MIT, grant them a role in the Discord server, and store information about them in a database backend. IdentiBot has a security vulnerability that stems from members...
The vulnerability of the Adobe Animate software for creating multimedia and computer animations, related to pointer assignment errors, allows attackers to execute arbitrary code.
The vulnerability of the Adobe Animate software for creating multimedia and computer animations is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Adobe Animate software for creating multimedia and computer animations, related to pointer assignment errors, allows attackers to disclose protected information.
The vulnerability of the Adobe Animate software for creating multimedia and computer animations is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to disclose protected information...
SUSE CVE-2021-47483
In the Linux kernel, the following vulnerability has been resolved: regmap: Fix possible double-free in regcache_rbtree_exit() In regcache_rbtree_insert_to_block(), when 'present' realloc failed, the 'blk' which is supposed to assign to 'rbnode->block' will be freed, so 'rbnode->block' points a freed memory,...
kernel: usb: typec: altmodes/displayport: fix pin_assignment_show
An out-of-bounds array access was found in the USB Type-C DisplayPort altmode driver. When no compatible pin assignments are found, the code performs negative array indexing, causing a use-after-free or out-of-bounds read...
QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances
Taiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some of which could be exploited to achieve code execution on its network-attached storage (NAS) appliances. The issues, which impact QTS 5.1.x and QuTS hero h5.1.x, are listed below -...
CVE-2024-21902
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the...
CVE-2024-21902 QTS, QuTS hero
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the...
CVE-2024-21902
CVE-2024-21902 affects QNAP QTS and QuTS hero systems, stemming from an incorrect permission assignment for a critical resource. The vulnerability could allow authenticated users to read or modify the resource over a network. Public details in the provided documents confirm affected products are ...
CVE-2021-47284 isdn: mISDN: netjet: Fix crash in nj_probe:
In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: netjet: Fix crash in nj_probe: 'nj_setup' in netjet.c might fail with -EIO and in this case 'card->irq' is initialized and is bigger than zero. A subsequent call to 'nj_release' will free the irq that has not been...
CVE-2021-47281 ALSA: seq: Fix race of snd_seq_timer_open()
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix race of snd_seq_timer_open() The timer instance per queue is exclusive, and snd_seq_timer_open() should have managed the concurrent accesses. It looks as if it's checking the already existing timer instance at the beginning,...
VulnCheck KEV: CVE-2024-35700
Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro. This issue affects Userpro: from n/a through = 5.1.8...
Virtuozzo Hybrid Infrastructure 6.1 Update 1 (6.1.1-35)
In this release, Virtuozzo Hybrid Infrastructure enables virtual CPU and RAM overcommitment per node, as well as provides stability and performance improvements, and addresses issues found in previous releases. Vulnerability id: VSTOR-49565 Network errors occur when migrating a VM that was...
DEBIAN-CVE-2024-35972
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() If ulp = kzalloc() fails, the allocated edev will leak because it is not properly assigned and the cleanup path will not be able to free it. Fix it by assigning it properly...
UBUNTU-CVE-2024-35972
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() If ulp = kzalloc() fails, the allocated edev will leak because it is not properly assigned and the cleanup path will not be able to free it. Fix it by assigning it properly...
Mass Assignment
Laravel is vulnerable to Mass Assignment. The vulnerability is due to improper column quoting for database drivers, which can be exploited when not using the fillable property on models, particularly when using the guarded property and passing a user-controlled array into an "update" or "save"...