CVE-2023-5369 copy_file_range insufficient capability rights check

Before correction, the copyfilerange system call checked only for the CAPREAD and CAPWRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAPSEEK capability. This incorrect...

CVE-2023-5369

CVE-2023-5369 concerns copy_file_range with an incomplete privilege check. Connected FreeBSD advisories confirm the issue: the syscall validated only CAP_READ and CAP_WRITE; CAP_SEEK is also required for offset-based access. The flaw enables a sandboxed process with read or write capabilities but...

FreeBSD Security Vulnerabilities

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD that stems from an improper privilege check in copyfilerange...

FreeBSD : FreeBSD -- copy_file_range insufficient capability rights check (e261e71c-6250-11ee-8e38-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e261e71c-6250-11ee-8e38-002590c1f29c advisory. - Before correction, the copyfilerange system call checked only for the CAPREAD and CAPWRITE capabiliti...

PT-2023-32072 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises from an incorrect privilege check in the copy file range system call, which only verifies the CAP READ and CAP WRITE capabilities on the input and output file...

Jenkins Plugin AWS CodeCommit Trigger Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. Jenkins Plugin AWS...

UNISOC Chipsets Security Vulnerability

UNISOC Chipsets is a chipset from China's Unisplendour UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from a possible lack of privilege checking in the vowifi service...

Google Wear OS Security Vulnerability

Google Wear OS is a Google-developed operating system from Google, Inc. designed for use in smartwatches, smart bands, and other wearable devices. Google Wear OS suffers from a security vulnerability that stems from a lack of privilege checking in the getIntentForButton module of...

Jenkins Qualys Web App Scanning Connector Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

SUSE CVE-2023-38058

An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35...

CVE-2023-38058

An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35...

CVE-2023-38058

An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35...

CVE-2023-38058

An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35...

Input validation

An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35...

UBUNTU-CVE-2023-38058

An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35...

CVE-2023-38058 Tickets can be moved without permissions

An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35...

CVE-2023-38058

CVE-2023-38058 affects OTRS 8.0.X prior to 8.0.35. An improper privilege check in the agent interface’s ticket move action allows an authenticated agent to move a ticket without the required permission. Public details confirm affected versions and the root cause (privilege enforcement failure). R...

CVE-2023-38058 Tickets can be moved without permissions

An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35...

PT-2023-26269 · Otrs · Otrs

Name of the Vulnerable Software and Affected Versions: OTRS versions 8.0.X through 8.0.34 Description: An improper privilege check in the OTRS ticket move action in the agent interface allows any authenticated attacker to perform a move of a ticket without the needed permission. Recommendations:...

UNISOC Chipsets 安全漏洞

UNISOC Chipsets are chipsets from China's Ziguang Zhanrui UNISOC. A security vulnerability exists in some UNISOC products, which stems from a lack of privilege checking in the Bluetooth service, leading to local information leakage. The following products are affected:...