UBUNTU-CVE-2021-45417

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata such as XFS extended attributes or tmpfs ACLs, because of a heap-based buffer overflow...

CVE-2021-30658

This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Big Sur 11.3. A malicious application may bypass Gatekeeper checks...

CVE-2021-30658

This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Big Sur 11.3. A malicious application may bypass Gatekeeper checks...

Improper access control

This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Big Sur 11.3. A malicious application may bypass Gatekeeper checks...

CVE-2021-30658

CVE-2021-30658 affects macOS Big Sur 11.3 and is tied to Installer/file-metadata handling. Root cause: improved handling of file metadata. Impact: a malicious application may bypass Gatekeeper checks during installation. Remedy: fixed in macOS Big Sur 11.3 (HT212325). Other documents corroborate ...

CVE-2021-37620

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An...

Advisory ROSA-SA-2021-1996

Software: wget 1.14 OS: Cobalt 7.9 CVE-ID: CVE-2016-7098 CVE-Crit: HIGH CVE-DESC: The race condition in wget 1.17 and earlier, when used in recursive or mirror mode to download a single file, may allow remote servers to bypass perceived access list restrictions by leaving the HTTP connection open...

CVE-2020-27894

The issue was addressed with additional user controls. This issue is fixed in macOS Big Sur 11.0.1. Users may be unable to remove metadata indicating where files were downloaded from...

The vulnerability of the set_file_metadata function in the GNU Wget download manager allows a hacker to gain access to protected information.

The vulnerability of the setfilemetadata function in the GNU Wget download manager is related to the lack of protection for metadata. Exploiting this vulnerability could allow an attacker to access protected information...

DRUPAL-CORE-2020-011

A vulnerability exists in the File module which allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file...

CVE-2020-2267

A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller...

CVE-2020-2267

CVE-2020-2267 affects Jenkins MongoDB Plugin versions 1.3 and earlier, where a missing permission check allows users with Overall/Read to access metadata of arbitrary files on the Jenkins controller. The issue is described across multiple sources (Red Hat, NVD, CNVD, GHSA, OSV, etc.) with the cor...

PT-2020-15493 · Jenkins · Jenkins Mongodb Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins MongoDB Plugin versions 1.3 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. This issue arises because the plug...

PT-2020-15492 · Jenkins · Jenkins Mongodb Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins MongoDB Plugin versions 1.3 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller...

Information disclosure

In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file eg. a photo containing location metadata with no additional execution privileges needed. User...

Mahara 18.10 < 18.10.5, 19.04 < 19.04.4, 19.10 < 19.10.2 Multiple Vulnerabilities

Mahara is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mahara:mahara"; if description...

Mahara Information Disclosure Vulnerability (CNVD-2020-16699)

Mahara is a full-featured web application for building your own ePortfolio. An information disclosure vulnerability exists in Mahara. The vulnerability can be exploited by a member of a group to gain unauthorized access to file metadata information in an Elasticsearch results list. No detailed...

CVE-2020-9386

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore...

CVE-2020-9386

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore...

CVE-2020-9386

The CVE-2020-9386 issue affects Mahara: versions 18.10.x before 18.10.5, 19.04.x before 19.04.4, and 19.10.x before 19.10.2. Root cause is improper access-control enforcement, causing file metadata to be disclosed to group members who no longer have access to the artefact in Elasticsearch result ...