3949 matches found
The vulnerability of the MarkStack JavaScript script handler component in the Mozilla Firefox browser allows a hacker to trigger a service failure.
The vulnerability of the MarkStack JavaScript script handler component in Mozilla Firefox relates to access to an uninitialized pointer due to incorrect use of the assignment operator. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
Mass Assignment
Laravel is vulnerable to Mass Assignment. The vulnerability is due to insufficient column quoting for all database drivers, which could allow attackers to perform unauthorized mass assignment operations. If using guarded and passing a user-controlled array into an "update" or "save" function,...
Siemens SIMATIC RTLS Locating Manager Incorrectly Assigns Critical Resource Privileges Vulnerability
SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. Siemens SIMATIC RTLS Locating Manager suffers from an incorrect assignment of critical resource privileges vulnerability, which...
The vulnerability of the hugetlbfs_parse_param() function in the fs/hugetlbfs/inode.c module of the HugeTLB memory management module in the Linux operating system allows a attacker to cause a service failure.
The vulnerability of the hugetlbfsparseparam function in the fs/hugetlbfs/inode.c module of the HugeTLB memory management module in the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
Laravel Guard bypass in Eloquent models
In laravel releases before 6.18.34 and 7.23.2. It was possible to mass assign Eloquent attributes that included the model's table name: $model-fill'users.name' = 'Taylor'; When doing so, Eloquent would remove the table name from the attribute for you. This was a "convenience" feature of Eloquent...
Laravel Risk of mass-assignment vulnerabilities
Laravel 4.1.29 improves the column quoting for all database drivers. This protects your application from some mass assignment vulnerabilities when not using the fillable property on models. If you are using the fillable property on your models to protect against mass assignment, your application ...
GHSA-RJ3W-99GC-8J58 Laravel Risk of mass-assignment vulnerabilities
Laravel 4.1.29 improves the column quoting for all database drivers. This protects your application from some mass assignment vulnerabilities when not using the fillable property on models. If you are using the fillable property on your models to protect against mass assignment, your application ...
Laravel Risk of mass-assignment vulnerabilities
Laravel 4.1.29 improves the column quoting for all database drivers. This protects your application from some mass assignment vulnerabilities when not using the fillable property on models. If you are using the fillable property on your models to protect against mass assignment, your application ...
GHSA-CC2W-GHC5-M5QR Laravel Risk of mass-assignment vulnerabilities
Laravel 4.1.29 improves the column quoting for all database drivers. This protects your application from some mass assignment vulnerabilities when not using the fillable property on models. If you are using the fillable property on your models to protect against mass assignment, your application ...
PT-2024-40241 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel versions prior to 4.1.29 Description: The issue concerns mass assignment vulnerabilities in Laravel when not using the fillable property on models or when using guarded and passing user-controlled arrays into update or save functions...
PT-2024-40457 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel versions prior to 4.1.29 Description: The issue concerns mass assignment vulnerabilities in Laravel when not using the fillable property on models or when using guarded and passing user-controlled arrays into update or save functions...
PT-2024-40061 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel versions prior to 6.18.34 Laravel versions prior to 7.23.2 Description: A security issue was found in Laravel where it was possible to mass assign Eloquent attributes that included the model's table name. This could lead to unexpected...
Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service, authentication bypass, and incorrect privilege assignment due to Golang vulnerabilities.
Summary IBM Storage Fusion HCI uses Golang packages that may cause Fusion to be vulnerable to denial of service, authentication bypass, and incorrect privilege assignment. CVE-2018-20699, CVE-2023-48795, CVE-2022-21698, CVE-2021-41190, CVE-2023-39325, CVE-2022-29526, CVE-2023-45288. Vulnerability...
RHEL 8 : golang (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: crypto/elliptic: incorrect operations on the P-224 curve CVE-2021-3114 - golang: html/template:...
JVN#97751842: Multiple vulnerabilities in MosP kintai kanri
MosP kintai kanri provided by esMind, LLC contains multiple vulnerabilities listed below. Path Traversal CWE-22 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2024-28880 Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Bas...
CVE-2023-40516
LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of LG Simple Editor. An attacker must first obtain the ability to execute low-privileged code on the target system ...
CVE-2023-51579 Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulnerability
Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain the ability to execute low-privileged code on...
CVE-2023-51579 Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulnerability
Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain the ability to execute low-privileged code on...
CVE-2023-40516 LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability
LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of LG Simple Editor. An attacker must first obtain the ability to execute low-privileged code on the target system ...
CVE-2023-40516
CVE-2023-40516 affects LG Simple Editor. The issue is in the product installer which sets incorrect permissions on folders, enabling a local attacker with low privileges to escalate to SYSTEM and execute arbitrary code. Documents confirm local privilege escalation and do not provide patch/version...