13 matches found
GHSA-WFHV-MJ62-F5XH Grafana: Users can generate Service Account tokens after permissions removal
When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this...
CVE-2026-33381
CVE-2026-33381 affects Grafana: when a user's access to mint tokens for a service account is revoked, token minting can still succeed for a few seconds after the revocation. The issue is addressed in openSUSE advisory updates and upstream Grafana fixes, notably Grafana 11...
GitLab security vulnerability
GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD (continuous integration and delivery). There is a security vulnerability in GitLab, which stems from improper...
File Browser security vulnerability
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.62.2 contained security vulnerabilities. These vulnerabilities stemmed from...
CVE-2026-0026
In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
SUSE-SU-2026:0328-1 Security update for xen
This update for xen fixes the following issues: Security fixes: - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing (XSA-477, bsc1256745) - CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation (XSA-479, bsc1256747) - CVE-2025-58149: Fixed incorrect removal of permissions on PCI...
SUSE-SU-2026:0303-1 Security update for xen
This update for xen fixes the following issues: Security fixes: - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing (XSA-477, bsc1256745) - CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation (XSA-479, bsc1256747) - CVE-2025-58149: Fixed incorrect removal of permissions on PCI...
Fedora 41 : xen (2025-48dc1c8c79)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-48dc1c8c79 advisory. Incorrect removal of permissions on PCI device unplug XSA-476, CVE-2025-58149 ---- x86: Incorrect input sanitisation in Viridian hypercalls XSA-475,...
BIT-MATTERMOST-2024-29221
Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the /api/v4/users/me/teams endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users,...
Security update for seamonkey (important)
openSUSE Security Update: Security update for seamonkey Announcement ID: openSUSE-SU-2022:0150-1 Rating: important References: 1194735 Cross-References: CVE-2021-45417 CVSS scores: CVE-2021-45417 SUSE: 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3 An update...
CVE-2017-0491
An elevation of privilege vulnerability in Package Manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product:...
IIS Spy and IIS 6.0 parsing fixes - vulnerability warning - the black bar safety net
IIS Spy: "%SystemRoot%/ServicePackFiles/i386/activeds.dll", "%SystemRoot%/system32/activeds.dll", "%SystemRoot%/system32/activeds.tlb". The USER group and the POWERS group are removed, leaving only the administrators and system permissions. IIS 6.0 analysis: 1, can upload the directory to the IIS does n...
Oracle command-line program buffer overflow in argument handling
Overview: A buffer overflow in some command-line utilities supplied with the Oracle Database Server could allow a local user to gain the privileges of the oracle system user. Description: The Oracle 9i Database Server package includes the oracle and oracleO command-line client programs to connect ...