1500 matches found
Red Hat Ansible Security Vulnerability
Red Hat Ansible is a computer system configuration manager from Red Hat, an American company. The product can be used to distribute, manage, and program computer systems. A security vulnerability exists in Red Hat Ansible that stems from flawed logic or insufficient security validation in the...
Improper Authorization
Overview: conan is a Conan C/C++ package manager. Affected versions of this package are vulnerable to Improper Authorization in the server's authorization mechanism, by the check_read_conan, check_write_conan, and check_delete_conan methods in the authorize function, as well as via authentication checks ...
PT-2024-38570 · Langchain Ai · Langchainjs
Name of the Vulnerable Software and Affected Versions: langchain-ai/langchainjs version 0.2.5. Description: A path traversal issue exists in the getFullPath method, allowing attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The...
CVE-2023-32190
A flaw was found in the mlocate package of OpenSUSE and derived distributions. This issue occurs due to an insecure chmod call in the %post section of the mlocate package, allowing users to obtain read/write access to arbitrary files on the system when the mlocate package is re-installed or upgrad...
CVE-2023-32190
mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges...
CVE-2023-32190 mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable
mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges...
CVE-2023-32190
CVE-2023-32190 affects the mlocate package (notably OpenSUSE-derived distributions). The vulnerability stems from an insecure chmod/permissions handling in the %post script, allowing a local attacker to abuse root-run file operations to make arbitrary files world-readable. Impact is localized to ...
openSUSE Tumbleweed Security Vulnerability
openSUSE Tumbleweed is an open source system from SUSE Germany. A security vulnerability exists in openSUSE Tumbleweed that originates from allowing a user to make arbitrary files readable by everyone by abusing insecure file operations run with root privileges...
Description of the security update for Visual Studio 2015 Update 3: October 8, 2024 (KB5045536)
Applies to: All Visual Studio 2015 Update 3 editions except Build Tools. Summary: A denial of service vulnerability exists in the Diagnostics Hub Standard Collector if it handles file operations incorrectl...
CVE-2024-37179 Insecure File Operations vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application...
[ASA-202410-1] oath-toolkit: privilege escalation
Arch Linux Security Advisory ASA-202410-1
=========================================

Severity: High
Date    : 2024-10-04
CVE-ID  : CVE-2024-47191
Package : oath-toolkit
Type    : privilege escalation
Remote  : No
Link    : https://security.archlinux.org/AVG-2857

Summary
=======

The package oath-toolkit befor...
CVE-2024-25660
The WebDAV service in Infinera TNMS Transcend Network Management System 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges...
CVE-2024-25660
CVE-2024-25660 concerns Infinera TNMS 19.10.3 where the WebDAV service can be abused by a low-privileged, remote attacker to perform unauthorized file operations. The root cause is the service executing with unnecessary privileges, enabling impact on confidentiality, integrity, and availability. ...
PT-2024-21077 · Infinera · Infinera Tnms
Name of the Vulnerable Software and Affected Versions: Infinera TNMS version 19.10.3. Description: The WebDAV service in Infinera TNMS allows a low-privileged remote attacker to conduct unauthorized file operations because it executes with unnecessary privileges. Recommendations: For version...
CVE-2024-7400
The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so...
CVE-2024-7400 Local privilege escalation in ESET products for Windows
The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so...
CVE-2024-7400
CVE-2024-7400 describes a local privilege escalation in ESET products for Windows where an attacker could misuse ESET’s file operations during the removal of a detected file to delete files without proper permissions. The issue affects multiple ESET products on Windows (e.g., NOD32 Antivirus, Int...