EUVD-2026-35385
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected system includes a binary that is configured with the CAP_DAC_OVERRIDE capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access...
GHSA-P8P9-5953-H9JW Concrete CMS is vulnerable to IDOR in AddMessage/UpdateMessage
Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via the attachments[] parameter, which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em->find(File::class,...
CVE-2026-7886 Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[] parameter
Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via the attachments[] parameter, which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em->find(File::class,...
PT-2026-42556
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 9.5.1. Description: An Insecure Direct Object Reference (IDOR) exists in the 'AddMessage' and 'UpdateMessage' conversation controllers. These controllers accept user-supplied file attachment IDs through the attachmen...
AlmaLinux 8 : nodejs:24 (ALSA-2026:7670)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7670 advisory. nodejs: Nodejs denial of service (CVE-2026-21637); minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996); undici: Undici:...
ALSA-2026:7670 Important: nodejs:24 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs denial of service (CVE-2026-21637); minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996); undici:...
Important: nodejs:24 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132); nodejs: Nodejs denial of service (CVE-2026-21637); nodejs: Nodejs denial of service...
ALSA-2026:1843 Important: nodejs22 security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed...
EUVD-2014-4919
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-23132
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in /var/run/zabbix folder. In this case, Zabbix Proxy or Serve...
FreeBSD -- Buffer overflow in some filesystems via NFS
Problem Description: In order to export a file system via NFS, the file system must define a file system identifier (FID) for all exported files. Each FreeBSD file system implements operations to translate between FIDs and vnodes, the kernel's in-memory representation of files. These operations are...
RHEL 5 / 6 : JBoss Enterprise Web Server 1.0.2 update (Moderate) (RHSA-2011:0897)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:0897 advisory. - tomcat: information disclosure in authentication headers (CVE-2010-1157) - httpd mod_cache, mod_dav: DoS httpd child process crash by...
CVE-2024-27105
Frappe is a full-stack web application framework. Prior to versions 14.66.3 and 15.16.0, file permission can be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. Versions 14.66.3 and 15.16.0 contain a patch for this issue. No known workarounds...
CVE-2024-27105
CVE-2024-27105 affects Frappe before versions 14.66.3 and 15.16.0. The issue allows bypassing file permissions via certain endpoints, enabling less-privileged users to delete or clone files. A patch is included in 14.66.3 and 15.16.0. No workarounds are documented. Remediate by upgrading to 14.66...
PT-2024-21653 · Frappe · Frappe
Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 14.66.3 Frappe versions prior to 15.16.0 Description: Frappe is a full-stack web application framework. The issue allows file permission to be bypassed using certain endpoints, granting less privileged users permissio...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Node.js
Summary: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Node.js. Vulnerability Details: CVEID: CVE-2023-30582. DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the failure to restrict file watching through the...
CVE-2023-21290
In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
File Permission Bypass
libarchive.so is vulnerable to File Permission Bypass. The vulnerability exists due to a race condition in the archive_write_disk_header function at archive_write_disk_posix.c because the unmasking process does not take into consideration other threads working on the same file, which allows an attacker to...
Security Bulletin: Multiple vulnerabilities in Docker affect IBM InfoSphere Information Server
Summary: Multiple vulnerabilities in Docker used by IBM InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2022-24769. DESCRIPTION: Moby could allow a local attacker to gain elevated privileges on the system, caused by an issue with containers started incorrectly with...