336 matches found
PT-2024-22595 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p8 Checkmk versions prior to 2.2.0p29 Checkmk versions prior to 2.1.0p45 Checkmk versions prior to or equal to 2.0.0p39 Description: The issue is related to incorrect permissions on the Checkmk Windows Agent's...
Checkmk Security Vulnerabilities
Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk that stems from incorrect permissions on the data directory, causing a local attacker to gain SYSTEM privileges...
CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCach...
CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCach...
CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCach...
PT-2024-13955 · Sikka · Sikka Sscwindowsservice
Name of the Vulnerable Software and Affected Versions: Sikka SSCWindowsService version 5 2023-09-14 Description: The issue allows low-privileged users to execute arbitrary code as LocalSystem due to full control being granted to them. This is possible because low-privileged users have write acces...
BIT-TYPO3-2023-47126
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only...
Element Android Security Vulnerability
Element Android is the Android Matrix client provided by Element. A security vulnerability exists in Element Android versions 0.91.0 through 1.6.12, which originates from a vulnerability that allows an attacker to share files stored in the application's private data directory to an arbitrary Matr...
CVE-2024-26132 Element Android can be asked to share internal files.
Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the files directory in the application's private data directory to an arbitrary room. The impact of th...
Moby (Docker Engine) Insufficiently restricted permissions on data directory
Impact A bug was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable...
GHSA-3FWX-PJGW-3558 Moby (Docker Engine) Insufficiently restricted permissions on data directory
Impact A bug was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable...
Siemens SCALANCE LPE9403 Incorrect Permission Assignment for Critical Resource (CVE-2021-41091)
A vulnerability was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included...
Information Disclosure
TYPO3 is vulnerable to Information Disclosure. The vulnerability is due to disclosing the full path of the transient data directory resulting in sensitive information disclosure...
GHSA-P2JH-95JG-2W55 Information Disclosure in typo3/cms-install tool
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C 3.5 Problem The login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only - “classic” non-composer...
CVE-2023-47126
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only...
Design/Logic Flaw
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only...
CVE-2023-47126 Information Disclosure in Install Tool in typo3/cms-install
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only...
CVE-2023-47126 Information Disclosure in Install Tool in typo3/cms-install
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only...
TYPO3 12.2.0 < 12.4.8 (TYPO3-CORE-SA-2023-005)
The version of TYPO3 installed on the remote host is prior to 12.2.0 12.4.8. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2023-005 advisory. - The login screen of the standalone install tool discloses the full path of the transient data directory e.g...
CVE-2023-41044
Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...