Lucene search
K

331 matches found

OSV
OSV
added 2024/12/19 4:7 p.m.6 views

CVE-2024-38864 User-Readable Private Key in Windows Agent

Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk 2.3.0p23, 2.2.0p38 and = 2.1.0p49 EOL allows a local attacker to read sensitive data...

4.8CVSS6AI score0.0018EPSS
Exploits0References3
CVE
CVE
added 2024/12/19 4:7 p.m.53 views

CVE-2024-38864

CVE-2024-38864 concerns incorrect permissions on the Checkmk Windows Agent data directory, allowing a local attacker to read sensitive data. Affected are Checkmk Windows Agent implementations prior to 2.3.0p23, prior to 2.2.0p38, and earlier than or equal to 2.1.0p49 (EOL). The issue is local and...

4.8CVSS6AI score0.0018EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/12/19 12:0 a.m.4 views

Checkmk 安全漏洞

Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk that stems from incorrect permissions on the Checkmk Windows Agent data directory, allowing a local attacker to read sensitive data...

4.8CVSS6.1AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/19 12:0 a.m.5 views

PT-2024-28245 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p23 Checkmk versions prior to 2.2.0p38 Checkmk versions prior to or equal to 2.1.0p49 Description: The issue is related to incorrect permissions on the Checkmk Windows Agent's data directory, allowing a local...

4.8CVSS6.7AI score0.0018EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2024/12/12 6:57 a.m.4 views

SUSE CVE-2024-54131

The Kolide Agent aka: Launcher is the lightweight agent designed to work with Kolide's service. An implementation bug in the Kolide Agent known as launcher allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. The bug was introduced in version 1.5.3 when launcher started...

7.3CVSS7.2AI score0.00177EPSS
Exploits0References3
OSV
OSV
added 2024/11/15 4:15 p.m.5 views

CVE-2023-20039

A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the...

5.5CVSS5.8AI score0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/15 3:20 p.m.15 views

CVE-2023-20039 Cisco Industrial Network Director File Permissions

A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the...

5.5CVSS6.6AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.6 views

Cisco Industrial Network Director 安全漏洞

Cisco Industrial Network Director IND is an industrial automation management system from the American company Cisco. The system automates the management of industrial Ethernet infrastructure by visualizing its operation. Cisco Industrial Network Director has a security vulnerability that stems fr...

5.5CVSS6.5AI score0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/12 12:53 p.m.10 views

CVE-2024-45857

Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the data directory is loaded...

7.8CVSS7.3AI score0.00243EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/12 12:0 a.m.7 views

PT-2024-31814

Name of the Vulnerable Software and Affected Versions: Cleanlab versions 2.4.0 or newer Description: The issue is related to the deserialization of untrusted data, which can occur in the Cleanlab project. This allows a maliciously crafted datalab.pkl file to run arbitrary code on an end user's...

8.6CVSS6.2AI score0.00243EPSS
Exploits0References12
OSV
OSV
added 2024/08/15 7:15 p.m.10 views

UBUNTU-CVE-2024-42472

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and...

10CVSS7AI score0.01283EPSS
Exploits1References5
OSV
OSV
added 2024/07/22 3:21 p.m.20 views

CVE-2024-39688 fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generateconfig function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...

6.5CVSS6.8AI score0.00501EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/07/22 12:0 a.m.5 views

PT-2024-28624 · Unknown · Bert-Vits2

Name of the Vulnerable Software and Affected Versions: Bert-VITS2 versions 2.3 and earlier Description: The issue arises from user input being directly used in a command executed with subprocess.runcmd, shell=True in the resample function, leading to arbitrary command execution. This is due to th...

9.8CVSS7AI score0.01116EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/07/22 12:0 a.m.6 views

PT-2024-28625 · Unknown · Bert-Vits2

Name of the Vulnerable Software and Affected Versions: Bert-VITS2 versions 2.3 and earlier Description: The issue arises from user input being directly used in a command executed with subprocess.runcmd, shell=True in the bert gen function, leading to arbitrary command execution. This is due to th...

9.8CVSS7AI score0.0118EPSS
Exploits1References7
OSV
OSV
added 2024/07/10 1:15 p.m.4 views

UBUNTU-CVE-2024-28827

Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk 2.3.0p8, 2.2.0p29, 2.1.0p45, and = 2.0.0p39 EOL allows a local attacker to gain SYSTEM privileges...

8.8CVSS5.8AI score0.00167EPSS
Exploits0References3
CVE
CVE
added 2024/07/10 12:41 p.m.68 views

CVE-2024-28827

The CVE-2024-28827 issue is a local privilege escalation in Checkmk Windows Agent caused by incorrect permissions on the agent’s data directory. Affected: Checkmk Windows Agent data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and

8.8CVSS8.6AI score0.00167EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/10 12:0 a.m.5 views

PT-2024-22595 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p8 Checkmk versions prior to 2.2.0p29 Checkmk versions prior to 2.1.0p45 Checkmk versions prior to or equal to 2.0.0p39 Description: The issue is related to incorrect permissions on the Checkmk Windows Agent's...

8.8CVSS7.2AI score0.00167EPSS
Exploits0References11
CNNVD
CNNVD
added 2024/07/10 12:0 a.m.4 views

Checkmk Security Vulnerabilities

Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk that stems from incorrect permissions on the data directory, causing a local attacker to gain SYSTEM privileges...

8.8CVSS6.8AI score0.00167EPSS
Exploits0References2
OSV
OSV
added 2024/07/01 2:7 p.m.28 views

CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCach...

7.5CVSS6.7AI score0.00756EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/07/01 2:7 p.m.13 views

CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCach...

7.5CVSS7.7AI score0.00756EPSS
Exploits0References3
Rows per page
Query Builder