CVE-2024-44148

This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox...

DEBIAN-CVE-2024-46697

In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4fattrargs.context is zeroed out If nfsd4encodefattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk on the stack, which we'l...

CVE-2023-40261

Diebold Nixdorf Vynamic Security Suite VSS before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02 fails to validate file attributes during the Pre-Boot Authorization PBA process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's har...

Cross Site Scripting (XSS)

concrete5/concrete5 is vulnerable to Cross Site ScriptingXSS. The vulnerability due to file attributes which are insufficiently sanitized via the Edit Attributes page. It vulnerability allows an admin authenticated attacker to inject malicious code into file tags or description attributes,...

Concrete CMS vulnerable to stored XSS in file tags and description attributes

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attribut...

Cross site scripting

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attribut...

CVE-2024-1245 Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attribut...

CVE-2024-1245 Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attribut...

PT-2024-17599 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS version 9 before 9.2.5 Description: The issue concerns stored XSS in file tags and description attributes. Administrator-entered file attributes are not sufficiently sanitized in the Edit Attributes page, allowing a rogue...

Apache OFBiz 代码问题漏洞

Apache OFBiz is the United States Apache Apache Foundation of a set of enterprise resource planning ERP system. The system provides a set of Java-based Web application components and tools. Apache OFBiz suffers from a server-side request forgery vulnerability that can be exploited by an attacker ...

Rocky Linux 8 : samba (RLSA-2022:0332)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0332 advisory. - The Samba vfsfruit module uses extended file attributes EA, xattr to provide ...enhanced compatibility with Apple SMB clients and interoperability with a...

GLSA-202309-06 : Samba: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202309-06 Samba: Multiple Vulnerabilities - Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a...

KB5030503: Servicing stack update for Windows 10: September 12, 2023

KB5030503: Servicing stack update for Windows 10: September 12, 2023 REMINDER Windows 10, version 1507 reached end of service on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise LoT editions. After April 9, 2019, these devices are no longer offered servicing...

Open-Xchange OX App Suite 安全漏洞

Open-Xchange OX App Suite is an e-mail and productivity suite client software from German company Open-Xchange. A security vulnerability exists in OX App Suite that stems from overly lax default permissions on file attributes, which allows local system users to read potentially sensitive...

SolarWinds Serv-U < 15.4 Exposure of Sensitive Information (CVE-2023-23841)

The version of SolarWinds Serv-U installed on the remote host is prior to 15.4. It is, therefore, affected by an exposure of sensitive information vulnerability as referenced in the vendor advisory. - SolarWinds Serv-U submits an HTTP request when changing or updating the File Share or File reque...

NewStart CGSL CORE 5.05 / MAIN 5.05 : samba Multiple Vulnerabilities (NS-SA-2023-0016)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has samba packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the...

K84695749: Samba vulnerability CVE-2021-44142

Security Advisory Description The Samba vfsfruit module uses extended file attributes EA, xattr to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfsfruit configured allow...

Security Bulletin: IBM Navigator for i is vulnerable to log file access, obtaining file attributes, and SQL Injection attacks due to multiple vulnerabilities.

Summary IBM Navigator for i provides server administration functionality for IBM i. An authenticated user with authority to interact with IBM Navigator for i is able to download log files, view file attributes, and perform SQL injection attacks as described in the vulnerability details section. I...

EulerOS Virtualization 3.0.2.6 : samba (EulerOS-SA-2023-1063)

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext...

Linux Kernel ksmbd Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of file attributes. The issue results from the lack of proper validation of the...