Lucene search
+L

336 matches found

ptsecurity
ptsecurity
added 2024/07/10 12:0 a.m.8 views

PT-2024-22595 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p8 Checkmk versions prior to 2.2.0p29 Checkmk versions prior to 2.1.0p45 Checkmk versions prior to or equal to 2.0.0p39 Description: The issue is related to incorrect permissions on the Checkmk Windows Agent's...

8.8CVSS7.2AI score0.00167EPSS
Exploits0References11
cnnvd
cnnvd
added 2024/07/10 12:0 a.m.5 views

Checkmk Security Vulnerabilities

Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk that stems from incorrect permissions on the data directory, causing a local attacker to gain SYSTEM privileges...

8.8CVSS6.8AI score0.00167EPSS
Exploits0References2
cvelist
cvelist
added 2024/07/01 2:7 p.m.57 views

CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCach...

7.5CVSS0.00756EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/07/01 2:7 p.m.15 views

CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCach...

7.5CVSS7.7AI score0.00756EPSS
Exploits0References3
osv
osv
added 2024/07/01 2:7 p.m.28 views

CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCach...

7.5CVSS6.7AI score0.00756EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2024/03/26 12:0 a.m.7 views

PT-2024-13955 · Sikka · Sikka Sscwindowsservice

Name of the Vulnerable Software and Affected Versions: Sikka SSCWindowsService version 5 2023-09-14 Description: The issue allows low-privileged users to execute arbitrary code as LocalSystem due to full control being granted to them. This is possible because low-privileged users have write acces...

8.8CVSS7.9AI score0.0058EPSS
Exploits1References6
osv
osv
added 2024/03/06 11:7 a.m.56 views

BIT-TYPO3-2023-47126

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only...

5.3CVSS4.7AI score0.00661EPSS
Exploits0References3
cnnvd
cnnvd
added 2024/02/29 12:0 a.m.4 views

Element Android Security Vulnerability

Element Android is the Android Matrix client provided by Element. A security vulnerability exists in Element Android versions 0.91.0 through 1.6.12, which originates from a vulnerability that allows an attacker to share files stored in the application's private data directory to an arbitrary Matr...

4CVSS6.7AI score0.00387EPSS
Exploits0References4
osv
osv
added 2024/02/20 6:30 p.m.37 views

CVE-2024-26132 Element Android can be asked to share internal files.

Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the files directory in the application's private data directory to an arbitrary room. The impact of th...

4CVSS4.9AI score0.00387EPSS
Exploits0References5
github
github
added 2024/01/31 11:28 p.m.41 views

Moby (Docker Engine) Insufficiently restricted permissions on data directory

Impact A bug was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable...

6.3CVSS6.6AI score0.02671EPSS
Exploits3References7Affected Software2
osv
osv
added 2024/01/31 11:28 p.m.29 views

GHSA-3FWX-PJGW-3558 Moby (Docker Engine) Insufficiently restricted permissions on data directory

Impact A bug was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable...

5.9CVSS6.9AI score0.02671EPSS
Exploits3References7
nessus
nessus
added 2024/01/15 12:0 a.m.37 views

Siemens SCALANCE LPE9403 Incorrect Permission Assignment for Critical Resource (CVE-2021-41091)

A vulnerability was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included...

6.3CVSS7.3AI score0.02671EPSS
Exploits3References4
veracode
veracode
added 2023/11/15 7:1 a.m.18 views

Information Disclosure

TYPO3 is vulnerable to Information Disclosure. The vulnerability is due to disclosing the full path of the transient data directory resulting in sensitive information disclosure...

5.3CVSS6.6AI score0.00661EPSS
Exploits0References4Affected Software2
osv
osv
added 2023/11/14 8:34 p.m.35 views

GHSA-P2JH-95JG-2W55 Information Disclosure in typo3/cms-install tool

CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C 3.5 Problem The login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only - “classic” non-composer...

3.7CVSS4.7AI score0.00661EPSS
Exploits0References5
nvd
nvd
added 2023/11/14 8:15 p.m.29 views

CVE-2023-47126

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only...

5.3CVSS0.00661EPSS
Exploits0References3
prion
prion
added 2023/11/14 8:15 p.m.18 views

Design/Logic Flaw

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only...

5CVSS6.9AI score0.00661EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2023/11/14 8:1 p.m.21 views

CVE-2023-47126 Information Disclosure in Install Tool in typo3/cms-install

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only...

3.7CVSS6.6AI score0.00661EPSS
Exploits0References3
osv
osv
added 2023/11/14 8:1 p.m.19 views

CVE-2023-47126 Information Disclosure in Install Tool in typo3/cms-install

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only...

3.7CVSS5.2AI score0.00661EPSS
Exploits0References5
nessus
nessus
added 2023/11/14 12:0 a.m.34 views

TYPO3 12.2.0 < 12.4.8 (TYPO3-CORE-SA-2023-005)

The version of TYPO3 installed on the remote host is prior to 12.2.0 12.4.8. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2023-005 advisory. - The login screen of the standalone install tool discloses the full path of the transient data directory e.g...

5.3CVSS5.7AI score0.00661EPSS
Exploits0References2
nvd
nvd
added 2023/08/31 6:15 p.m.59 views

CVE-2023-41044

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...

3.8CVSS3.7AI score0.00569EPSS
Exploits1References3
Rows per page
Query Builder