
7195 matches found

Positive Technologies
added 2023/05/24 12:0 a.m. · 3 views

PT-2023-23728 · Beaker +1

Name of the Vulnerable Software and Affected Versions: CKAN versions prior to 2.9.9 CKAN versions prior to 2.10.1 Description: CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in CKAN which may lead to remote code...

CVSS 9.8 · AI score 10 · EPSS 0.01684
Exploits: 0 · References: 10

RedHat Linux
added 2023/05/23 2:6 p.m. · 265 views

Important: Red Hat Security Advisory: sudo security update

An update for sudo is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact ...

CVSS 7.8 · AI score 7.3 · EPSS 0.55367
Exploits: 20 · References: 2

RedHat Linux
added 2023/05/23 2:6 p.m. · 5 views

sudo: arbitrary file write with privileges of the RunAs user

A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user usually root. The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...

CVSS 7.8 · AI score 7.3 · EPSS 0.55367
Exploits: 20 · References: 6

RedHat Linux
added 2023/05/23 9:30 a.m. · 4 views

sudo: arbitrary file write with privileges of the RunAs user

A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user usually root. The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...

CVSS 7.8 · AI score 7.3 · EPSS 0.55367
Exploits: 20 · References: 6

RedHat Linux
added 2023/05/23 9:30 a.m. · 24 views

Important: Red Hat Security Advisory: sudo security update

An update for sudo is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

CVSS 7.8 · AI score 7.3 · EPSS 0.55367
Exploits: 20 · References: 2

RedHat Linux
added 2023/05/23 9:28 a.m. · 36 views

Important: Red Hat Security Advisory: sudo security update

An update for sudo is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

CVSS 7.8 · AI score 7.3 · EPSS 0.55367
Exploits: 20 · References: 2

RedHat Linux
added 2023/05/23 9:28 a.m. · 4 views

sudo: arbitrary file write with privileges of the RunAs user

A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user usually root. The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...

CVSS 7.8 · AI score 7.3 · EPSS 0.55367
Exploits: 20 · References: 6

Tenable Nessus
added 2023/05/23 12:0 a.m. · 18 views

RHEL 7 : sudo (RHSA-2023:3262)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3262 advisory. The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged...

CVSS 7.8 · AI score 8.4 · EPSS 0.55367
Exploits: 20 · References: 4

Positive Technologies
added 2023/05/22 12:0 a.m. · 3 views

PT-2023-23418 · Wcms

Name of the Vulnerable Software and Affected Versions: Wcms version 0.3.2 Description: The issue allows an attacker to send a crafted request from a vulnerable web application backend server via the "finish" parameter and the textAreaCode parameter in the "/wcms/wex/html.php" endpoint. This enabl...

CVSS 9.8 · AI score 9.5 · EPSS 0.21757
Exploits: 1 · References: 4

NVD
added 2023/05/18 6:15 p.m. · 19 views

CVE-2022-36327

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk i...

CVSS 9.8 · AI score 7.4 · EPSS 0.01466
Exploits: 0 · References: 2

Cvelist
added 2023/05/18 5:54 p.m. · 26 views

CVE-2022-36327 Path traversal vulnerability leading to an arbitrary file write in Western Digital devices

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk i...

CVSS 5.8 · AI score 10 · EPSS 0.01466
Exploits: 0 · References: 2

Vulnrichment
added 2023/05/18 5:54 p.m. · 14 views

CVE-2022-36327 Path traversal vulnerability leading to an arbitrary file write in Western Digital devices

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk i...

CVSS 5.8 · AI score 10 · EPSS 0.01466
Exploits: 0 · References: 2

ATTACKERKB
added 2023/05/18 5:15 p.m. · 2 views

CVE-2023-31871

OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dmsecurewriter. The binary has security controls in place preventing creation of a file in a...

CVSS 7.8 · AI score 5.8 · EPSS 0.0028
Exploits: 1 · References: 2

NVD
added 2023/05/18 5:15 p.m. · 18 views

CVE-2023-31871

OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dmsecurewriter. The binary has security controls in place preventing creation of a file in a...

CVSS 7.8 · AI score 8 · EPSS 0.0028
Exploits: 1 · References: 1

Prion
added 2023/05/18 5:15 p.m. · 15 views

Design/Logic Flaw

OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dmsecurewriter. The binary has security controls in place preventing creation of a file in a...

CVSS 4.3 · AI score 7.9 · EPSS 0.0028
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2023/05/18 12:0 a.m. · 16 views

CVE-2023-31871

OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dmsecurewriter. The binary has security controls in place preventing creation of a file in a...

AI score 8.1 · EPSS 0.0028
Exploits: 1 · References: 1

Vulnrichment
added 2023/05/18 12:0 a.m. · 10 views

CVE-2023-31871

OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dmsecurewriter. The binary has security controls in place preventing creation of a file in a...

AI score 8 · EPSS 0.0028
Exploits: 1 · References: 1

CNNVD
added 2023/05/18 12:0 a.m. · 3 views

OpenText Documentum Content Server security vulnerability

OpenText Documentum Content Server is a data storage platform from OpenText, Inc. that is used to provide secure, enterprise-wide control over any type of content. A security vulnerability exists in OpenText Documentum Content Server versions prior to 23.2, which stems from a privilege escalation...

CVSS 7.8 · AI score 7.5 · EPSS 0.0028
Exploits: 1 · References: 2

OSV
added 2023/05/16 6:30 p.m. · 24 views

GHSA-46F2-X6H2-X9HX Jenkins File Parameter Plugin arbitrary file write vulnerability

Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name and resulting uploaded file name of Stashed File Parameters. This allows attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specifi...

CVSS 8.8 · AI score 8.6 · EPSS 0.63137
Exploits: 0 · References: 3

Github Security Blog
added 2023/05/16 6:30 p.m. · 67 views

Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability

Jenkins Pipeline Utility Steps Plugin provides the untar and unzip Pipeline steps to extract archives into job workspaces. Pipeline Utility Steps Plugin 2.15.2 and earlier does not validate or limit file paths of files contained within these archives. This allows attackers able to provide crafted...

CVSS 8.8 · AI score 6.9 · EPSS 0.01016
Exploits: 0 · References: 4 · Affected Software: 1