124 matches found
CVE-2021-0644
In conditionallyRemoveIdentifiers of SubscriptionController.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...
Photon OS 5.0: Linux PHSA-2025-5.0-0644
An update of the linux package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0644. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
EUVD-2020-2129
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-25317
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Clou...
CVE-2025-23395 Local root exploit via `logfile_reopen()` in screen 5.0.0 with setuid-root bit set
Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...
Linux Distros Unpatched Vulnerability : CVE-2016-0644
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and...
Debian dla-3906 : libwireshark-data - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3906 advisory. Debian LTS Advisory DLA-3906-1 [email protected]...
EMC CTA 10.0 Unauthenticated XXE Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'EMC CTA v10.0 Unauthenticated XXE Arbitrary File Read', 'Description' = %q EMC CTA v10.0 is susceptible to an unauthenticated XXE attack that...
Photon OS 3.0: Go PHSA-2023-3.0-0644
An update of the go package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0644. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description scriptid203762...
RHEL 6 / 7 : rh-mariadb100-mariadb (RHSA-2016:1132)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1132 advisory. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. MariaD...
PYSEC-2024-2
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...
CVE-2023-0644
creationtimestamp | type | source
---|---|---
2023-05-15 16:40:06+00:00 | seen | https://t.me/cibsecurity/64111...
CVE-2023-0644
The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-0644
CVE-2023-0644 affects the WordPress plugin “Push Notifications for WordPress by PushAssist” (versions
CVE-2023-0644 PushAssist <= 3.0.8 - Reflected Cross-Site Scripting
The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress Push Notifications for WordPress by PushAssist Plugin <= 3.0.8 is vulnerable to Cross Site Scripting (XSS)
Software: Push Notifications for WordPress by PushAssist; Type: Plugin; Vulnerable versions: <= 3.0.8; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0644; Patch priority: High; CVSS severity: High (7.1); PSID: 943120492720...
SUSE CVE-2012-2389
hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials...
SUSE CVE-2021-25317
An Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permission...
CVE-2022-0644
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...