The vulnerability of the Ivanti Avalanche device management system, related to incorrect restrictions on the path name to the restricted access catalog, allows a perpetrator to gain access to read, modify, or delete data.

The vulnerability of the Ivanti Avalanche device management system is related to an incorrect restriction on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to data...

CVE-2024-24779

Apache Superset with custom roles that include can write on dataset and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apac...

CVE-2024-42169

CVE-2024-42169 affects HCL DRYiCE MyXalytics (MyXalytics) with an insecure direct object reference caused by missing access control checks. The CVE entry and multiple connected sources (NVD, CVE List, CIRCL, PT Security) consistently describe unauthorized access to data due to insufficient verifi...

Code injection

Apache Superset with custom roles that include can write on dataset and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apac...

PT-2024-20556 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 3.0.4 Apache Superset versions 3.1.0 through 3.1.0 Description: The issue allows users with custom roles that include can write on dataset and without all data access permissions to create virtual datasets to...

New OS Tool Tells You Who Has Access to What Data

Ensuring sensitive data remains confidential, protected from unauthorized access, and compliant with data privacy regulations is paramount. Data breaches result in financial and reputational damage but also lead to legal consequences. Therefore, robust data access security measures are essential ...

PT-2023-23956 · Metabase · Metabase

Name of the Vulnerable Software and Affected Versions: Metabase versions prior to 0.44.7 Metabase versions prior to 0.45.4 Metabase versions prior to 0.46.3 Metabase versions prior to 1.44.7 Metabase versions prior to 1.45.4 Metabase versions prior to 1.46.3 Description: Metabase is an open sourc...

Google Android has an unspecified vulnerability (CNVD-2018-10118)

Android is a Linux-based open-source operating system jointly developed by Google and the Open Handheld Alliance OHA for short, and Qualcomm MDM9206 and other central processing unit CPU products from Qualcomm are used in different platforms. A security vulnerability exists in the Qualcomm...