2871 matches found
Knowage 路径遍历漏洞
Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage, Italy. A path traversal vulnerability exists in Knowage versions prior to 6.x.x through 8.1.8, which stems from an authenticated user being able to download a template hosted on th...
IBM WebSphere Application Server 加密问题漏洞
IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WebSphere...
Orthanc 安全漏洞
Orthanc is a free and open source software from Orthanc. A security vulnerability exists in Orthanc version 1.12.0 that originates from allowing an authenticated attacker to overwrite configuration files and trigger remote code execution RCE...
Directory Traversal
nocodb is vulnerable to Directory Traversal. The vulnerability exists in the fileRead function of attachments.controller.ts and attachment.ctl.ts files, which allows an attacker to fetch arbitrary files on the server by manipulating the path parameter of the /download route, resulting in the...
CVE-2023-32357
An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permissio...
CVE-2023-32357
An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permissio...
CVE-2023-32357
An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permissio...
Authorization
An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permissio...
CVE-2023-32357
An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permissio...
CVE-2023-32357
CVE-2023-32357 is an authorization issue affecting Apple platforms. The root cause is improved state management that prevents proper revocation of access, allowing an app to retain access to system configuration files after permissions are revoked. Affected products include watchOS, tvOS, and var...
CVE-2023-32357
An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permissio...
CVE-2023-35843
NocoDB through 0.106.0 or 0.109.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the...
CVE-2023-2270
The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration fil...
Path traversal
The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration fil...
CVE-2023-2270 Local privilege escalation
The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration fil...
CVE-2023-2270 Local privilege escalation
The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration fil...
PT-2023-7253 · Zyxel · Zyxel Usg Flex Series +4
Name of the Vulnerable Software and Affected Versions: ZyXEL VPN versions 4.30 through 5.37 ZyXEL USG FLEX series firmware versions 4.50 through 5.37 ZyXEL USG FLEX 50W series firmware versions 4.16 through 5.37 ZyXEL USG20W-VPN series firmware versions 4.16 through 5.37 ZyXEL ATP series firmware...
CVE-2023-32181
A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in openSUSE libeconf allows for DoS via malformed configuration files This issue affects libeconf: before 0.5.2...
CVE-2023-32181
A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in openSUSE libeconf allows for DoS via malformed configuration files This issue affects libeconf: before 0.5.2...
CVE-2023-32181
A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in openSUSE libeconf allows for DoS via malformed configuration files This issue affects libeconf: before 0.5.2...