CVE-2024-0404 Mass Assignment Vulnerability in mintplex-labs/anything-llm
A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox version 125, which stems from the fact that if an AlignedBuffer is assigned to itself, subsequent self-moves may result in incorrect reference countin...
PT-2024-15530 · Mintplex · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm repository (affected versions not specified). Description: A mass assignment vulnerability exists in the "/api/invite/:code" endpoint, allowing unauthorized creation of high-privileged accounts. By intercepting and...
The vulnerability in the implementation of the RPC (Remote Procedure Call) protocol of Siemens’ process control systems such as SIMATIC PCS 7, OpenPCS 7, and Siemens’ SCADA system SIMATIC WinCC allows an attacker to trigger maintenance failures.
The vulnerability of the RPC (Remote Procedure Call) protocol implementation in Siemens SIMATIC PCS 7, OpenPCS 7, and SCADA systems like SIMATIC WinCC is related to errors in pointer assignment. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...
CVE-2024-3283
A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multi_user_mode' system variable, enabling...
CVE-2024-3283
CVE-2024-3283 concerns mintplex-labs/anything-llm. A mass-assignment flaw in the /admin/system-preferences endpoint lets users with the Manager role modify the multi_user_mode variable, enabling access to /api/system/enable-multi-user and the creation of a new admin user. The root cause is the en...
CVE-2024-3283 Privilege Escalation via Mass Assignment in mintplex-labs/anything-llm
A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multi_user_mode' system variable, enabling...
AnythingLLM Security Vulnerability
AnythingLLM is a document chatbot that meets business requirements. A security vulnerability exists in AnythingLLM that stems from allowing users with the Manager role to escalate their privileges to the Administrator role via a bulk assignment issue...
JVN#82074338: Multiple vulnerabilities in NEC Aterm series
Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0 CVE-2024-28005 Exposure of Sensitive System Information to an Unauthorized Control...
The vulnerability in the set of VMware Tools relates to improper privilege assignment, allowing a malicious actor to circumvent existing security restrictions.
The vulnerability of the VMware Tools set is related to the vulnerability of handling the file descriptor in the vmware-user-suid-wrapper layer. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...
The vulnerability of the exmode mode in the Vim text editor allows a hacker to trigger a service failure.
The vulnerability of the exmode mode in the Vim text editor is related to the assignment of NULL pointers. Exploiting this vulnerability can allow an attacker to cause a service failure...
ROS-20240329-25
Vulnerability of Zabbix universal monitoring system agent is related to incorrect control of code generation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
Mozilla: Leaking of encrypted email subjects to other conversations
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the...
RHEL 8 : thunderbird (RHSA-2024:1499)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1499 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fixes: nss:...
CVE-2023-46839
PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context...