Design/Logic Flaw
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner...
CVE-2020-10632 ICSA-20-140-02 Emerson OpenEnterprise
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner...
CVE-2020-10632
The CVE-2020-10632 entry concerns Emerson OpenEnterprise up to version 3.3.4, where inadequate folder security permissions could allow modification of important configuration files, potentially causing system failure or unpredictable behavior. Connected sources (Red Hat, CISA ICS, CVE records) co...
CVE-2020-10632 ICSA-20-140-02 Emerson OpenEnterprise
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner...
SUSE: Security Advisory (SUSE-SU-2022:14891-1)
The remote host is missing an update for the...
SUSE-SU-2022:14891-1 Security update for cobbler
This update for cobbler fixes the following issues: - CVE-2021-45083: Fixed unsafe permissions on sensitive files (bsc#1193671). The following non-security bugs were fixed: - Move configuration files ownership to apache (bsc#1195906)...
Cobbler Security Vulnerability
Cobbler is a network installation server suite that is primarily used to quickly set up Linux network installation environments. Security vulnerabilities exist in versions of Cobbler prior to 3.3.1, stemming from files in /etc/cobbler that are publicly readable, two of which contain some sensitiv...
CVE-2021-20001
It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation...
CVE-2021-20001
CVE-2021-20001 affects debian-edu-config prior to 2.12.16, where insecure permissions on user web shares (~/public_html) could allow privilege escalation. Debian advisories (DSA-5072-1, DLA-2918-1) document the issue and its fix; for Debian 9, the fix is in 1.929+deb9u5. Multiple feeds (NVD entry...
CVE-2021-20001
It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation...
Google Chrome Resource Management Error Vulnerability (CNVD-2022-44720)
Google Chrome is a web browser from Google, Inc. A resource management error vulnerability exists in Google Chrome that remote attackers can use to potentially exploit heap corruption by corrupting configuration files...
Privilege Escalation
debian-edu-config is vulnerable to privilege escalation. The vulnerability exists due to lack of validation of the authorization in the configuration files...
Docker log information leakage vulnerability
Docker is an open source application container engine from the U.S. company Docker. The product supports creating a container (a lightweight virtual machine) and deploying and running applications on Linux systems, as well as automating the installation, deployment and upgrade of applications through...
sos bug fix and enhancement update
The sos package contains a set of utilities that gather information from system hardware, logs, and configuration files. The information can then be used for diagnostic purposes and debugging. Bug Fixes and Enhancements: sosreport should use new AlmaLinux Secure FTP instead of dropbox for...
Google Chrome Resource Management Error Vulnerability
Google Chrome is a web browser from Google, Inc. A resource management error vulnerability exists in Google Chrome that remote attackers can use to potentially exploit heap corruption by corrupting configuration files...
Arbitrary file deletion
Authenticated admin+ Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin versions <= 4.4.6. The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also...
CVE-2021-31567
CVE-2021-31567 affects the WordPress plugin Download Monitor (versions ≤ 4.4.6). An authenticated admin+ user can trigger an arbitrary file download via the parameter &downloadable_file_urls[0], enabling access to sensitive files (e.g., wp-config.php) and even escaping the web server home directo...
CVE-2021-31567 WordPress Download Monitor plugin <= 4.4.6 - Authenticated Arbitrary File Download vulnerability
Authenticated admin+ Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin versions <= 4.4.6. The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also...
Mageia: Security Advisory (MGASA-2015-0162)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2014-0058)
The remote host is missing an update for the...