CVE-2024-13246 Node Access Rebuild Progressive - Less critical - Access bypass - SA-CONTRIB-2024-010
Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing. This issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2...
CVE-2024-13246
CVE-2024-13246 concerns Drupal’s Node Access Rebuild Progressive module. The vulnerability stems from improper ownership management in the module, which can allow a remote attacker to bypass access controls and influence the target via framing. Affected versions are 0.0.0 through 2.0.1 (up to but...
Drupal security vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Node Access Rebuild Progressive versions 7.X-1.0 through 7.X-1.2, which stems from the inclusion of an ownership mismanagement vulnerability...
Drupal security vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability previously existed in Drupal Node Access Rebuild Progressive version 2.0.2, which stemmed from the inclusion of an ownership mismanagement vulnerability...
CVE-2024-56434
UAF vulnerability in the device node access module. Impact: Successful exploitation of this vulnerability may cause service exceptions of the device...
Huawei HarmonyOS security vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS device node access module, which can be exploited by an attacker to cause a device service...
PT-2025-3278 · Huawei · Emui +1
Name of the Vulnerable Software and Affected Versions: Device node access module (affected versions not specified). Description: The issue concerns a Use After Free (UAF) vulnerability in the device node access module. Successful exploitation of this vulnerability may cause service exceptions of the...
Open Cluster Management vulnerable to Trust Boundary Violation
A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name "cluster-manager" which is bound to a ClusterRole also named...
CVE-2024-9779 Open-cluster-management-io/ocm: cluster-manager permissions may allow a worker node to obtain service account tokens
A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name "cluster-manager" which is bound to a ClusterRole also named...
Open Cluster Management security vulnerability
Open Cluster Management (OCM) is a community-driven open source project focused on multi-cluster and multi-cloud scenarios for Kubernetes applications. A security vulnerability exists in Open Cluster Management that stems from a vulnerability found in Open Cluster...
CVE-2024-42018
An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes, some configuration parameters are retrieved from management nodes. These parameters embed credentials whose integrity and confidentiality may be important to the security of the HPC configuration...
Red Hat OpenShift Container Platform security vulnerability
Red Hat OpenShift Container Platform is a suite of application platforms from Red Hat, Inc. that help organizations develop, deploy and manage existing container-based applications across physical, virtual and public cloud infrastructures. A security vulnerability exists in Red Hat OpenShift...
DRUPAL-CONTRIB-2024-030
This module integrates the mmenu library with Drupal's menu system with the aim of having an off-canvas mobile menu and a horizontal menu at wider widths. The module doesn't respect custom node access restrictions implemented through hook_ENTITY_TYPE_access hooks, meaning the titles of restricted...
Responsive and off-canvas menu - Moderately critical - Access bypass - SA-CONTRIB-2024-030
This module integrates the mmenu library with Drupal's menu system with the aim of having an off-canvas mobile menu and a horizontal menu at wider widths. The module doesn't respect custom node access restrictions implemented through hook_ENTITY_TYPE_access hooks, meaning the titles of restricted nod...
Kanister security vulnerability
Kanister is a data protection workflow management tool from Kanister Open Source. A security vulnerability exists in Kanister that stems from a cluster-level privilege elevation that can be performed by a malicious user by accessing a worker node...
PT-2024-23572 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Galactic Geochelone versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3. Description: An issue was discovered that allows remote attackers to cause a denial of service (DoS) in the ROS2 nodes. Recommendations: For ROS2 Galactic Geochelone versio...
PT-2024-23549 · Unknown · Ros Melodic Morenia
Name of the Vulnerable Software and Affected Versions: ROS Melodic Morenia versions where ROS_VERSION is 1 and ROS_PYTHON_VERSION is 3. Description: An unauthorized access issue has been discovered, potentially allowing a malicious user to gain unauthorized information access to multiple ROS nodes...