218 matches found

RedHat Linux
added 2025/07/07 1:35 p.m. | 1 view

org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files

A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service...

CVSS 7.5 | AI score 7 | EPSS 0.01941
Exploits: 0 | References: 5

RedhatCVE
added 2025/05/22 11:42 p.m. | 4 views

CVE-2022-41918

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams...

CVSS 6.3 | AI score 6.4 | EPSS 0.0043
Exploits: 0 | References: 1

OSV
added 2025/05/22 1:15 p.m. | 4 views

CVE-2025-3941

Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise...

CVSS 9.8 | AI score 5.8 | EPSS 0.0047
Exploits: 0 | References: 2

CNNVD
added 2025/05/22 12:0 a.m. | 4 views

Tridium Niagara Framework and Tridium Niagara Enterprise Security security vulnerability

Tridium Niagara Framework and Tridium Niagara Enterprise Security are both products of Tridium, Inc. Tridium Niagara Framework is a comprehensive software infrastructure that solves the challenges of creating appliance to enterprise applications. Tridium Niagara Enterprise Security is a...

CVSS 9.8 | AI score 6.7 | EPSS 0.0047
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/21 10:41 p.m. | 9 views

CVE-2002-2069

PGP 6.x and 7.x do not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted...

CVSS 7.5 | AI score 6.5 | EPSS 0.02071
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 8:31 p.m. | 5 views

CVE-2002-2068

Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted...

CVSS 7.5 | AI score 6.5 | EPSS 0.02071
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 8:31 p.m. | 5 views

CVE-2002-2067

East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted...

CVSS 7.5 | AI score 6.5 | EPSS 0.02099
Exploits: 0 | References: 1

Snyk
added 2025/03/20 12:32 p.m. | 3 views

Path Equivalence

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Path Equivalence due to the blocked_path function only blocking standard pathnames. On Windows systems, an attacker can read unauthorized files by usi...

CVSS 6.9 | AI score 6.9 | EPSS 0.0064
Exploits: 0 | References: 3

OSV
added 2025/03/20 12:32 p.m. | 0 views

GHSA-PRPG-P95C-32FV Gradio Path Traversal vulnerability

A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. The implementation of the blocked_path functionality, which is intended to disallow users from reading certain files, is flawed. Specifically, while the application correctly blocks...

CVSS 5.3 | AI score 5.9 | EPSS 0.0064
Exploits: 0 | References: 4

CVE
added 2025/03/20 10:11 a.m. | 47 views

CVE-2024-12217

CVE-2024-12217 affects the gradio-app/gradio project (commit git 67e4044). The flaw in the blocked_path implementation on Windows allows path traversal via NTFS Alternate Data Streams syntax (e.g., C:/tmp/secret.txt::$DATA), bypassing blocks that prevent access to restricted files and enabling re...

CVSS 5.3 | AI score 5.3 | EPSS 0.0064
Exploits: 0 | References: 1

RedhatCVE
added 2025/03/19 10:24 p.m. | 11 views

CVE-2025-29910

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A memory leak vulnerability was identified in the...

CVSS 7.5 | AI score 7 | EPSS 0.0046
Exploits: 1 | References: 1

Tenable Nessus
added 2025/03/04 12:0 a.m. | 15 views

Linux Distros Unpatched Vulnerability : CVE-2017-12134

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obta...

CVSS 8.8 | AI score 7.7 | EPSS 0.00497
Exploits: 0 | References: 3

Tenable Nessus
added 2024/06/03 12:0 a.m. | 24 views

RHEL 8 : libgit2 (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libgit2: NTFS protections inactive when running Git in the Windows Subsystem for Linux (CVE-2020-12279) - A...

CVSS 9.8 | AI score 8.3 | EPSS 0.24014
Exploits: 0 | References: 2

VulnCheck KEV
added 2024/05/07 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2009-2445

Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI...

CVSS 5 | AI score 6 | EPSS 0.02521
Exploits: 1 | References: 1

Github Security Blog
added 2023/03/07 8:4 p.m. | 37 views

OpenSearch has issue with fine-grained access control of indices backing data streams

Impact: There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams, potentially leading to incorrect access authorization. This issue can on...

CVSS 6.3 | AI score 6.2 | EPSS 0.0043
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2023/03/07 8:4 p.m. | 22 views

GHSA-WMX7-X4JP-9JGG OpenSearch has issue with fine-grained access control of indices backing data streams

Impact: There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams, potentially leading to incorrect access authorization. This issue can on...

CVSS 6.3 | AI score 6.2 | EPSS 0.0043
Exploits: 0 | References: 4

Fedora
added 2022/12/18 1:43 a.m. | 64 views

[SECURITY] Fedora 37 Update: protobuf-3.19.6-1.fc37

Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...

CVSS 7.5 | AI score 6.8 | EPSS 0.01151
Exploits: 0

Positive Technologies
added 2022/11/15 12:0 a.m. | 6 views

PT-2022-26148 · Unknown · Opensearch

Name of the Vulnerable Software and Affected Versions: OpenSearch versions prior to 1.3.7; OpenSearch versions prior to 2.4.0. Description: There is an issue with the implementation of fine-grained access control rules, including document-level security, field-level security, and field masking, whe...

CVSS 6.3 | AI score 6.1 | EPSS 0.0043
Exploits: 0 | References: 9

CVE
added 2022/11/15 12:0 a.m. | 82 views

CVE-2022-41918

OpenSearch has a vulnerability where fine-grained access controls (document-level security, field-level security, and field masking) are not correctly applied to the indices backing data streams, potentially allowing incorrect access authorization. The issue affects OpenSearch prior to the patche...

CVSS 6.3 | AI score 6.3 | EPSS 0.0043
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/11/15 12:0 a.m. | 32 views

CVE-2022-41918 Issue with fine-grained access control of indices backing data streams

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams...

CVSS 6.3 | AI score 6.5 | EPSS 0.0043
Exploits: 0 | References: 2