Lucene search
K

164 matches found

NVD
NVD
added 2020/05/12 6:15 p.m.18 views

CVE-2020-6249

The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAPBSFND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection...

8.8CVSS8.2AI score0.00981EPSS
Exploits0References2
Prion
Prion
added 2020/05/12 6:15 p.m.18 views

Sql injection

The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAPBSFND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection...

6.5CVSS8.8AI score0.00981EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 2020/05/12 5:48 p.m.21 views

CVE-2020-6249

The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAPBSFND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection...

7.7CVSS8.9AI score0.00981EPSS
Exploits0References2
CVE
CVE
added 2020/05/12 5:48 p.m.66 views

CVE-2020-6249

The CVE-2020-6249 entry describes a SQL injection vulnerability in SAP Master Data Governance (MDG) where the admin backend report enables an attacker to craft database queries that expose the backend database. Affected components include MDG in SAP S4CORE 101, S4FND 102–104, SAP_BS_FND 748. The ...

8.8CVSS8.8AI score0.00981EPSS
Exploits0References2Affected Software3
Veracode
Veracode
added 2020/04/30 2:24 a.m.39 views

Privilege Escalation

gvfs is vulnerable to privilege escalation. A race condition in daemon/gvfsbackendadmin.c allows escalation of privileges due to admin backend not implementing queryinfoonread/write...

8.1CVSS4.5AI score0.01749EPSS
Exploits0References11Affected Software28
RedHat Linux
RedHat Linux
added 2020/04/28 3:44 p.m.4 views

gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write...

8.1CVSS5.8AI score0.01749EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/28 3:44 p.m.6 views

gvfs: mishandling of file ownership in daemon/gvfsbackendadmin.c

It was discovered that gvfs incorrectly set the ownership of files handled by the admin:// backend. An attacker could abuse this flaw when the destination file of a copy/move operation is handled by the admin:// backend. The attacker would have access to the target files with the ability to read...

7.3CVSS5.8AI score0.01832EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/28 3:44 p.m.5 views

gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move and copy with GFILECOPYALLMETADATA operations from admin:// to file:// URIs, because root privileges are unavailable...

5.7CVSS5.8AI score0.0184EPSS
Exploits0References4
CNVD
CNVD
added 2020/04/01 12:0 a.m.1 views

SQL Injection Vulnerability in Baishuo Networks CMS Admin Backend Login

Baishuo web cms management system is a content management system for text processing, image processing, flash animation, sound and video streaming, images and even email archives. A SQL injection vulnerability exists in the backend login of Bystronic's cms management system, which can be exploite...

7.7AI score
Exploits0
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.24 views

Huawei EulerOS: Security Advisory for gvfs (EulerOS-SA-2019-1968)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.8AI score0.0184EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/12/31 12:0 a.m.31 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : gvfs Vulnerability (NS-SA-2019-0238)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has gvfs packages installed that are affected by a vulnerability: - An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users...

7CVSS7.1AI score0.00368EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/11/12 12:0 a.m.29 views

EulerOS 2.0 SP5 : gvfs (EulerOS-SA-2019-2156)

According to the version of the gvfs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileg...

7CVSS7.1AI score0.00368EPSS
Exploits0References2
OSV
OSV
added 2019/10/15 11:15 p.m.3 views

CVE-2019-17612

An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter...

7.2CVSS7.1AI score0.0104EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2019/08/27 12:0 a.m.45 views

Scientific Linux Security Update : gvfs on SL7.x x86_64 (20190806)

Security Fixes : - gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password CVE-2019-3827 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include"compat.inc"; if description scriptid128221...

7CVSS7.1AI score0.00368EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2019/08/06 12:30 p.m.4 views

gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password

An incorrect permission check in the admin backend in gvfs was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users...

7CVSS5.8AI score0.00368EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2019/07/10 7:54 a.m.34 views

CVE-2019-12447

It was discovered that gvfs incorrectly set the ownership of files handled by the admin:// backend. An attacker could abuse this flaw when the destination file of a copy/move operation is handled by the admin:// backend. The attacker would have access to the target files with the ability to read...

7.3CVSS2.8AI score0.01832EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/07/10 12:0 a.m.29 views

Ubuntu 16.04 LTS / 18.04 LTS : GVfs vulnerabilities (USN-4053-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4053-1 advisory. It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong...

8.1CVSS6.7AI score0.0184EPSS
Exploits0References5
OSV
OSV
added 2019/07/09 11:29 a.m.4 views

USN-4053-1 gvfs vulnerabilities

It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. CVE-2019-12447, CVE-2019-12448,...

8.1CVSS6.9AI score0.0184EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2019/07/09 11:29 a.m.66 views

USN-4053-1: GVfs vulnerabilities

It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. CVE-2019-12447, CVE-2019-12448,...

8.1CVSS6.6AI score0.0184EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/06/19 12:0 a.m.40 views

RHEL 8 : gvfs (RHSA-2019:1517)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1517 advisory. GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol FTP, Secure...

7CVSS7AI score0.00368EPSS
Exploits0References5
Rows per page
Query Builder