
1065 matches found

OSV
added 2024/11/01 9:39 p.m. · 12 views

GHSA-CWGG-57XJ-G77R changedetection.io Path Traversal

Summary: When a WebDriver is used to fetch files, source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked. Details: The root cause is the payload source:file:///etc/passwd passes the regex here and also passes the check here wher...

CVSS 6.9 · AI score 6.1 · EPSS 0.0229
Exploits 0 · References 6
Veracode
added 2024/10/17 5:19 a.m. · 3 views

Unauthorized Access

github.com/juju/juju is vulnerable to Unauthorized Access. The vulnerability is due to improper access control over the JUJU_CONTEXT_ID and the exposed UNIX domain socket, allowing unauthorized users on the local system with access to the default network namespace to connect and perform privileg...

CVSS 6.5 · AI score 6.4 · EPSS 0.00185
Exploits 0 · References 6 · Affected Software 1
Github Security Blog
added 2024/10/03 4:53 p.m. · 18 views

Vulnerable juju hook tool abstract UNIX domain socket

Impact: When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. Patches: Patch:...

CVSS 6.5 · AI score 6.7 · EPSS 0.00185
Exploits 0 · References 7 · Affected Software 1
OSV
added 2024/10/03 4:53 p.m. · 6 views

GHSA-8V4W-F4R9-7H6X Vulnerable juju hook tool abstract UNIX domain socket

Impact: When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. Patches: Patch:...

CVSS 6.5 · AI score 6.4 · EPSS 0.00185
Exploits 0 · References 7
OSV
added 2024/10/02 12:30 p.m. · 2 views

GHSA-FC27-7PF5-96V3 Duplicate Advisory: Vulnerable juju hook tool abstract UNIX domain socket

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-8v4w-f4r9-7h6x. This link is maintained to preserve external references. Original Description: Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the...

CVSS 6.5 · AI score 7 · EPSS 0.00185
Exploits 0 · References 3
NVD
added 2024/10/02 11:15 a.m. · 22 views

CVE-2024-8037

Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...

CVSS 6.5 · EPSS 0.00185
Exploits 0 · References 2
Cvelist
added 2024/10/02 10:12 a.m. · 24 views

CVE-2024-8037

Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...

CVSS 6.5 · EPSS 0.00185
Exploits 0 · References 2
CNNVD
added 2024/09/23 12:00 a.m. · 2 views

Acronis Cyber Protect Cloud Agent Security Vulnerability

Acronis Cyber Protect Cloud Agent is a cloud agent from Acronis Switzerland. A security vulnerability exists in Acronis Cyber Protect Cloud Agent versions prior to 38565, which stems from an unnecessary privilege assignment that results in the manipulation of local active protection service...

CVSS 4.7 · AI score 4.8 · EPSS 0.00134
Exploits 0 · References 2
Positive Technologies
added 2024/07/29 12:00 a.m. · 2 views

PT-2024-38200 · F Secure · F-Secure Total

Name of the Vulnerable Software and Affected Versions: F-Secure Total affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations. User interaction by an administrator is required to exploit it. The flaw exists within the...

CVSS 7.8 · AI score 7.6 · EPSS 0.00382
Exploits 0 · References 4
GithubExploit
added 2024/07/05 2:00 p.m. · 406 views

Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_&_Replication

It is an exploit module/toolkit targeting a web application. The...

CVSS 7.5 · AI score 9.8 · EPSS 0.7761
Exploits 4
RedHat Linux
added 2024/06/25 8:30 a.m. · 2 views

git: insecure hardlinks

A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a differen...

CVSS 3.9 · AI score 7.3 · EPSS 0.00519
Exploits 1 · References 5
RedHat Linux
added 2024/06/25 8:24 a.m. · 3 views

git: insecure hardlinks

A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a differen...

CVSS 3.9 · AI score 7.3 · EPSS 0.00519
Exploits 1 · References 5
RedHat Linux
added 2024/06/25 8:24 a.m. · 4 views

git: additional local RCE

A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution...

CVSS 7.8 · AI score 7.5 · EPSS 0.00909
Exploits 0 · References 5
RedHat Linux
added 2024/06/25 8:24 a.m. · 3 views

git: RCE while cloning local repos

A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code...

CVSS 8.1 · AI score 7.5 · EPSS 0.01271
Exploits 0 · References 5
Positive Technologies
added 2024/06/19 12:00 a.m. · 2 views

PT-2024-27022 · Ricoh · Ricoh Streamline Nx Pc Client

Name of the Vulnerable Software and Affected Versions: Ricoh Streamline NX PC Client versions 3.7.2 and earlier Description: The issue is related to the use of hard-coded credentials. If exploited, an attacker may obtain the LocalSystem Account of the PC where the product is installed, potentiall...

CVSS 9.8 · AI score 6.8 · EPSS 0.00434
Exploits 0 · References 4
Japan Vulnerability Notes
added 2024/06/18 5:56 a.m. · 3 views

Multiple vulnerabilities in Ricoh Streamline NX PC Client

Overview Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. ricoh-2024-000004 Improper restriction of communication channel to intended endpoints CWE-923 - CVE-2024-36252 ricoh-2024-000005 Use of hard-coded credentials CWE-798 -...

CVSS 9.8 · AI score 7.2 · EPSS 0.00507
Exploits 0 · References 10
Positive Technologies
added 2024/05/31 12:00 a.m. · 3 views

PT-2024-20119 · Unifier +1 · Unifier +1

Name of the Vulnerable Software and Affected Versions: Unifier and Unifier Cast versions 5.0 or later Description: The issue is related to incorrect default permissions. If exploited, it may allow arbitrary code execution with LocalSystem privilege, potentially leading to the installation of...

CVSS 7.8 · AI score 8 · EPSS 0.0017
Exploits 0 · References 7
Positive Technologies
added 2024/05/31 12:00 a.m. · 4 views

PT-2024-26929 · Unifier +1 · Unifier +1

Name of the Vulnerable Software and Affected Versions: Unifier and Unifier Cast versions 5.0 or later Description: A missing authorization issue allows for the execution of arbitrary code with LocalSystem privilege if exploited. This could result in the installation of malicious programs,...

CVSS 9.8 · AI score 9.6 · EPSS 0.00546
Exploits 0 · References 7
Japan Vulnerability Notes
added 2024/05/28 5:47 a.m. · 4 views

Multiple vulnerabilities in Unifier and Unifier Cast

Overview Unifier and Unifier Cast provided by Yokogawa Rental & Lease Corporation contains multiple vulnerabilities listed below. Incorrect Default Permissions configured by Cast Launcher CWE-276 - CVE-2024-23847 Missing Authorization for coejobhook Command Execution CWE-862 - CVE-2024-36246...

CVSS 9.8 · AI score 7.4 · EPSS 0.00546
Exploits 0 · References 7
NVD
added 2024/04/10 7:15 a.m. · 17 views

CVE-2024-0159

Dell Alienware Command Center, versions 5.5.52.0 and prior, contain an improper access control vulnerability, leading to Denial of Service on the local system...

CVSS 6.7 · AI score 6.5 · EPSS 0.00189
Exploits 0 · References 1