PT-2024-24088 · Unknown · Psitransfer

Name of the Vulnerable Software and Affected Versions: PsiTransfer versions prior to 2.2.0 Description: The issue arises from the absence of restrictions on the PATCH /files/id endpoint, which is designed for uploading files. This allows an attacker who has received the id of a file distribution ...

The vulnerability of the CRI-O Container Engine’s application programming interface allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the CRI-O Container Engine’s application programming interface, a software platform for managing clusters of virtual machines in Kubernetes, stems from the ability to add arbitrary strings to the /etc/passwd file using a specially created environment variable. Exploiting this...

Apache Doris 竞争条件问题漏洞

Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris has a security bypass vulnerability that stems from the use of the chmod function, which can be exploited by an attacker ...

Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification

In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in th...

CVE-2024-27317 Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification

In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in th...

CVE-2024-27317 Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification

In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in th...

CVE-2024-27297

Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation via Unix domain sockets in the abstract namespace. This allows to modify the...

Design/Logic Flaw

IBM Watson CP4D Data Stores 4.6.0 through 4.6.3 could allow a user with physical access and specific knowledge of the system to modify files or data on the system. IBM X-Force ID: 248415...

CVE-2023-26282 IBM Watson CP4D Data Stores file modificiation

IBM Watson CP4D Data Stores 4.6.0 through 4.6.3 could allow a user with physical access and specific knowledge of the system to modify files or data on the system. IBM X-Force ID: 248415...

CVE-2023-26282 IBM Watson CP4D Data Stores file modificiation

IBM Watson CP4D Data Stores 4.6.0 through 4.6.3 could allow a user with physical access and specific knowledge of the system to modify files or data on the system. IBM X-Force ID: 248415...

CVE-2024-1683

A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services...

CVE-2024-1683 DLL Injection in Tenable Identity Exposure Secure Relay

A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services...

Tenable Identity Exposure Secure Relay Operating System Command Injection Vulnerability

Tenable Identity Exposure Secure Relay is a schema for transferring Active Directory data from the network to Tenable Identity Exposure using Transport Layer Security TLS from Tenable USA. A security vulnerability exists in Tenable Identity Exposure Secure Relay versions prior to 3.59.4, which...

PT-2024-18219 · Unknown · Tie Secure Relay

Name of the Vulnerable Software and Affected Versions: TIE Secure Relay affected versions not specified Description: A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for...

The vulnerability of the official interface for developing container applications in Plone Docker allows a hacker to gain access to modify or delete files.

The vulnerability of the official Plone Docker image for container applications lies in the absence of a mechanism to prevent unintended modifications to resources during request processing. Exploiting this vulnerability could allow an attacker to gain access to modify or delete files using PUT a...

PT-2024-20474 · Allegro Ai · Clearml

Name of the Vulnerable Software and Affected Versions: Allegro AI's ClearML platform affected versions not specified Description: The issue is related to a lack of authentication in the fileserver component, allowing a remote attacker to access, create, modify, and delete files without proper...

CVE-2023-50327

IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109...

Design/Logic Flaw

IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109...

CVE-2023-50327

CVE-2023-50327 affects IBM PowerSC 1.3, 2.0, and 2.1. The vulnerability arises from the use of insecure HTTP methods, which could allow a remote attacker to modify unauthorized file requests. Affected components/filesets include powerscStd.uiServer, powerscStd.uiAgent, and powerscMFA.server (rang...

PT-2024-13904 · Ibm · Ibm Powersc

Name of the Vulnerable Software and Affected Versions: IBM PowerSC versions 1.3 through 2.1 Description: The issue is related to the use of insecure HTTP methods, which could allow a remote attacker to perform unauthorized file request modification. Recommendations: For versions 1.3 through 2.1,...