CVE-2023-47564 Qsync Central

An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: Qsync...

CVE-2023-47564

CVE-2023-47564 affects Qsync Central, caused by an incorrect permission assignment for a critical resource. If exploited, authenticated users could read or modify the resource over the network. Fixed in Qsync Central 4.4.0.15+ (2024/01/04) and 4.3.0.11+ (2024/01/11+). Remediation: upgrade to 4.4....

CVE-2023-47564 Qsync Central

An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: Qsync...

CVE-2020-24681

Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP...

CVE-2020-24681

Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP...

Code injection

Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP...

CVE-2020-24681 Automation Studio and PVI Multiple incorrect permission assignments for services

Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP...

CVE-2020-24681 Automation Studio and PVI Multiple incorrect permission assignments for services

Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP...

CVE-2020-24681

The CVE-2020-24681 entry concerns an Incorrect Permission Assignment for Critical Resource that enables Privilege Escalation in B&R Industrial Automation Automation Studio. Affected products/versions include Automation Studio 4.6.0–4.6.X, 4.7.0–4.7.7 SP, 4.8.0–4.8.6 SP, and 4.9.0–4.9.4 SP. Root c...

QNAP Multiple Product Security Vulnerabilities

QNAP Systems QuTScloud and others are products of China Weilian Technology QNAP Systems.QNAP Systems QuTScloud is a cloud-optimized version of the QNAP NAS operating system.QNAP Systems QTS is an operating system for entry- to mid-range QNAP NAS use. QNAP Systems QuTS hero is an operating system....

PT-2024-10789 · B&R Industrial Automation · Automation Studio

Name of the Vulnerable Software and Affected Versions: B&R Industrial Automation Automation Studio versions 4.6.0 through 4.6.X B&R Industrial Automation Automation Studio versions 4.7.0 through 4.7.6 B&R Industrial Automation Automation Studio versions 4.8.0 through 4.8.5 B&R Industrial Automati...

CVE-2024-22016 Incorrect Permission Assignment for Critical Resource in Rapid SCADA

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation...

CVE-2024-22016 Incorrect Permission Assignment for Critical Resource in Rapid SCADA

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation...

CVE-2024-24573 facileManager Privilege Escalation via Mass Assignment

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...

SUSE CVE-2023-46839

PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context...

pci: phantom functions assigned to incorrect contexts

ISSUE DESCRIPTION PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions nee...

PT-2024-3464 · Linux +7 · Linux Kernel +7

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a double-free bug in the iwlwifi driver. The storage for the TLV PC register data was not handled like other storage in the drv-fw area, which is cleared at the...

VulnCheck KEV: CVE-2024-22145

Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through = 0.1.0.8...

The vulnerability of the 3D viewing tool JT and the Teamcenter Visualization lifecycle management system, related to pointer assignment errors, allows attackers to trigger a service failure.

The vulnerability of the 3D viewing tool JT and the Teamcenter Visualization product lifecycle management system is related to errors in pointer assignment during the processing of CGM format files. Exploiting this vulnerability can allow attackers to cause service failures...

Siemens SCALANCE LPE9403 Incorrect Permission Assignment for Critical Resource (CVE-2021-41091)

A vulnerability was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included...