237 matches found
GHSA-793H-6F7R-6QVM Druid ingestion system: authenticated users can read data from other sources than intended
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...
Default credentials
Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. The proxy server user password is stored in plain text in a local database. A local authenticated malicious user with access to the local file system may use the exposed password to access the with...
CVE-2020-4882
IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852...
Improper Access Control
Chromium is vulnerable to improper access control. The vulnerability exists due to the inappropriate allowance of the setDownloadBehavior devtools protocol feature in extensions in Google Chrome, allowing an attacker with control of an installed extension to access files on the local file system...
Insufficient Policy Enforcement
Google Chrome has insufficient policy enforcement. An attacker could access content on the local file system via a crafted Chrome Extension...
GHSA-M4VV-P6FQ-JHQP Directory Traversal in @vivaxy/here
The @vivaxy/here module is a small web server that serves files with the process' working directory acting as the web root. It is vulnerable to a directory traversal attack. This means that files on the local file system which exist outside of the web root may be disclosed to an attacker. This...
Directory Traversal in @vivaxy/here
The @vivaxy/here module is a small web server that serves files with the process' working directory acting as the web root. It is vulnerable to a directory traversal attack. This means that files on the local file system which exist outside of the web root may be disclosed to an attacker. This...
Same-Origin Policy Bypass
Firefox is vulnerable to a same-origin policy bypass. A flaw was found in the way Firefox handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy...
Vulnerability in the “/absolute/pathname/here” component of the McAfee Advanced Threat Defense security tool that allows an attacker to gain access to files in the local file system
The vulnerability in the “/absolute/pathname/here” component of the McAfee Advanced Threat Defense security tool exists because the path name is not correctly restricted to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to...
Path traversal
Path settings in the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system to execute code in the application’s context...
CVE-2019-18308
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from...
CVE-2019-18322
CVE-2019-18322 concerns the SPPA-T3000 MS3000 Migration Server (all versions). Affected component: MS3000 Server; vulnerability allows an attacker with network access to read and write arbitrary files on the local filesystem by sending specially crafted packets to port 5010/tcp. The root cause is...
CVE-2019-18322
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is...
CVE-2019-18321
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is...
CVE-2019-1003038
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java,...
CVE-2018-1000423
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2...
CVE-2018-1000425
An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube...
Design/Logic Flaw
An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube...