331 matches found
CVE-2024-38864 User-Readable Private Key in Windows Agent
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk 2.3.0p23, 2.2.0p38 and = 2.1.0p49 EOL allows a local attacker to read sensitive data...
CVE-2024-38864
CVE-2024-38864 concerns incorrect permissions on the Checkmk Windows Agent data directory, allowing a local attacker to read sensitive data. Affected are Checkmk Windows Agent implementations prior to 2.3.0p23, prior to 2.2.0p38, and earlier than or equal to 2.1.0p49 (EOL). The issue is local and...
Checkmk 安全漏洞
Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk that stems from incorrect permissions on the Checkmk Windows Agent data directory, allowing a local attacker to read sensitive data...
PT-2024-28245 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p23 Checkmk versions prior to 2.2.0p38 Checkmk versions prior to or equal to 2.1.0p49 Description: The issue is related to incorrect permissions on the Checkmk Windows Agent's data directory, allowing a local...
SUSE CVE-2024-54131
The Kolide Agent aka: Launcher is the lightweight agent designed to work with Kolide's service. An implementation bug in the Kolide Agent known as launcher allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. The bug was introduced in version 1.5.3 when launcher started...
CVE-2023-20039
A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the...
CVE-2023-20039 Cisco Industrial Network Director File Permissions
A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the...
Cisco Industrial Network Director 安全漏洞
Cisco Industrial Network Director IND is an industrial automation management system from the American company Cisco. The system automates the management of industrial Ethernet infrastructure by visualizing its operation. Cisco Industrial Network Director has a security vulnerability that stems fr...
CVE-2024-45857
Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the data directory is loaded...
PT-2024-31814
Name of the Vulnerable Software and Affected Versions: Cleanlab versions 2.4.0 or newer Description: The issue is related to the deserialization of untrusted data, which can occur in the Cleanlab project. This allows a maliciously crafted datalab.pkl file to run arbitrary code on an end user's...
UBUNTU-CVE-2024-42472
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and...
CVE-2024-39688 fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generateconfig function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...
PT-2024-28624 · Unknown · Bert-Vits2
Name of the Vulnerable Software and Affected Versions: Bert-VITS2 versions 2.3 and earlier Description: The issue arises from user input being directly used in a command executed with subprocess.runcmd, shell=True in the resample function, leading to arbitrary command execution. This is due to th...
PT-2024-28625 · Unknown · Bert-Vits2
Name of the Vulnerable Software and Affected Versions: Bert-VITS2 versions 2.3 and earlier Description: The issue arises from user input being directly used in a command executed with subprocess.runcmd, shell=True in the bert gen function, leading to arbitrary command execution. This is due to th...
UBUNTU-CVE-2024-28827
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk 2.3.0p8, 2.2.0p29, 2.1.0p45, and = 2.0.0p39 EOL allows a local attacker to gain SYSTEM privileges...
CVE-2024-28827
The CVE-2024-28827 issue is a local privilege escalation in Checkmk Windows Agent caused by incorrect permissions on the agent’s data directory. Affected: Checkmk Windows Agent data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and
PT-2024-22595 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p8 Checkmk versions prior to 2.2.0p29 Checkmk versions prior to 2.1.0p45 Checkmk versions prior to or equal to 2.0.0p39 Description: The issue is related to incorrect permissions on the Checkmk Windows Agent's...
Checkmk Security Vulnerabilities
Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk that stems from incorrect permissions on the data directory, causing a local attacker to gain SYSTEM privileges...
CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCach...
CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCach...