60 matches found
Google Android 安全漏洞
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. An elevation of privilege vulnerability exists in the Google Android MediaTek component Mediatek WLAN TDLS. An attacker can exploit this vulnerability to achieve elevation of...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that originates from a direct link to netdevice...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that originates from a direct link to netdevice...
CVE-2023-5117
An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the uploaded file URL...
CVE-2023-5117 Exposure of Sensitive Information Due to Incompatible Policies in GitLab
An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the uploaded file URL...
CVE-2023-5117 Exposure of Sensitive Information Due to Incompatible Policies in GitLab
An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the uploaded file URL...
UBUNTU-CVE-2021-3991
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions...
CVE-2024-36677
The CVE-2024-36677 affects Weblir’s PrestaShop module Login as customer PRO (versions
CVE-2024-35842
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: sof-common: Add NULL check for normallink string It's not granted that all entries of struct sofconnstream declare a normallink a non-SOF, direct link string, and this is the case for SoCs that support only SOF...
CVE-2024-35842
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: sof-common: Add NULL check for normallink string It's not granted that all entries of struct sofconnstream declare a normallink a non-SOF, direct link string, and this is the case for SoCs that support only SOF...
GHSA-XMP3-7745-G4VJ ezsystems/ez-support-tools Failing access control in system info view
This Security Advisory is about a vulnerability in ezsystems/ez-support-tools v2.2, part of Ibexa DXP v3.2. Older versions are not affected. A user having insufficient permissions is able to access the system information tabs if they type in the direct link the link is not shown in the menu. The...
Minor update (5) for Vivaldi Desktop Browser 6.7
Download Vivaldi The following improvements were made since the fourth 6.7 minor update: Chromium Upgraded 124.0.6367.219 CVE-2024-4761: NB. Chromium updates may include security enhancements or fixes, crash fixes, or website compatibility updates. Web Compatibility Auth does not work when link i...
BIT-MATTERMOST-2023-1776
Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file...
CVE-2023-29857
An issue in Teslamate v1.27.1 allows attackers to obtain sensitive information via directly accessing the teslamate link...
CVE-2023-27107
Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL...
MyQ Solution Print Server和MyQ Solution Central Server 安全漏洞
MyQ Solution Print Server and MyQ Solution Central Server are both products of MyQ Solution, Inc.MyQ Solution Print Server is an easy-to-use print management software. It can control printers, reduce printing costs, and be environmentally friendly by reducing unnecessary waste.MyQ Solution Centra...
PT-2023-20957 · Unknown · Myq Solution Print Server +1
Name of the Vulnerable Software and Affected Versions: MyQ Solution Print Server versions prior to 8.2 Patch 32 MyQ Solution Central Server versions prior to 8.2 Patch 22 Description: The issue is related to incorrect access control in the runReport function, allowing users without appropriate...
GHSA-63F2-6959-2PXJ Mattermost vulnerable to cross-site scripting (XSS)
Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file. Issue Identifier: MMSA-2023-00139...
CVE-2023-1776 Stored XSS via SVG attachment on Boards
Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file...
Mattermost 跨站脚本漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from Boards that allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the...