46 matches found
CVE-2023-2358
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext...
November 21, 2024—KB5046714 (OS Build 19045.5198) Preview
November 21, 2024—KB5046714 OS Build 19045.5198 Preview 11/12/24 IMPORTANT: Because of minimal operations during the Western holidays and the upcoming new year, there won’t be a non-security preview release for the month of December 2024. There will be a monthly security release for December 2024...
CVE-2024-5481
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the...
Fedora: Security Advisory for rust-uu_dd (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the...
Cisco IOS Software Command Authorization Bypass (cisco-sa-aaascp-Tyj4fEJm)
According to its self-reported version, Cisco IOS is affected by a vulnerability. A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and co...
OESA-2023-1686 iSulad security update
Security Fixes: When malicious images are pulled by isula pull, attackers can execute arbitrary code (CVE-2021-33635). When the isula load command is used to load malicious images, attackers can execute arbitrary code (CVE-2021-33636). When the isula export command is used to export a container to an...
Denial of service
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext...
CVE-2023-2358 Hitachi Vantara Pentaho Business Analytics Server – Password Stored in a Recoverable Format
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext...
SUSE CVE-2007-5239
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attacke...
CVE-2022-28156
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace...
Jenkins Pipeline Phoenix AutoTest Plugin Path Traversal Vulnerability
Jenkins Pipeline is a set of plug-ins that support the implementation and integration of continuous delivery pipelines into Jenkins. Jenkins Pipeline Phoenix AutoTest Plugin 1.3 and earlier is vulnerable to a path traversal vulnerability that could be exploited by an attacker with Item/Configure...
Concrete CMS Cross-Site Request Forgery Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. Concrete CMS suffers from a cross-site request forgery vulnerability that allows an attacker to exploit the vulnerability to copy files, which can lead to an inconvenie...
Design/Logic Flaw
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege...
The vulnerability of the Fanuc 32i numerical program-controlled controller stems from deficiencies in the storage of protected information, allowing attackers to copy or modify user files and system files.
The vulnerability of the numerical program-controlled controller Fanuc 32i is related to deficiencies in the storage of protected information. Exploiting this vulnerability could allow an intruder to copy or modify user files and system files...
CVE-2020-0480
In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a caller to copy, move, or delete files accessible to DocumentsProvider with no additional execution privileges needed...
The vulnerability of the central control server of SiNVR 3 Central Control Server (CCS) arises from an incorrect path name limitation in the web interface download section, which allows a hacker to gain access to the server’s file system, enabling them to download files from the server and copy files from the server.
The vulnerability of the central control server of SiNVR 3 Central Control Server (CCS) is related to an incorrect path name limitation in the web interface download section, leading to access to restricted directories. Exploiting this vulnerability could allow a malicious actor to gain access to t...
Design/Logic Flaw
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths...
Huawei Emily-L29C Information Disclosure Vulnerability
The Huawei Emily-L29C is a smartphone from the Chinese company Huawei. An information disclosure vulnerability exists in the Huawei Emily-L29C. The vulnerability arises from a configuration or other error in the operation of a network system or product. An attacker can exploit this vulnerability ...