Lucene search
+L

138 matches found

Prion
Prion
added 2024/02/21 5:15 p.m.20 views

Design/Logic Flaw

EventStoreDB ESDB is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affecte...

4.7CVSS7.2AI score0.00615EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/02/21 4:49 p.m.14 views

CVE-2024-26133 EventStoreDB Projections Subsystem has potential password leak

EventStoreDB ESDB is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affecte...

5.5CVSS6.8AI score0.00615EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/12/11 12:0 a.m.5 views

PT-2023-28637 · Apple · Macos Sonoma +1

Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.2 Description: This issue allows Remote Login sessions to potentially obtain full disk access permissions due to inadequate state management. The estimated number of potentially affected devices worldwide is...

8.8CVSS4.4AI score0.0054EPSS
Exploits0References8
NVD
NVD
added 2023/11/10 5:15 p.m.30 views

CVE-2023-4949

An attacker with local access to a system either through a disk or external drive can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation...

8.1CVSS0.00241EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/03 1:58 p.m.5 views

CVE-2023-5088 Qemu: improper ide controller reset can lead to mbr overwrite

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...

6.4CVSS6.8AI score0.00231EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2023/10/06 11:10 p.m.21 views

iscsi-initiator-utils bug fix update

An update is available for iscsi-initiator-utils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The iscsi-initiator-utils packages provide the server daemon fo...

7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2023/08/17 7:5 p.m.12 views

CVE-2023-40168 Malicious projects can read and upload arbitrary files from disk in TurboWarp Desktop

TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening th...

7.4CVSS6.8AI score0.00574EPSS
Exploits0References4
NVD
NVD
added 2023/07/10 4:15 p.m.25 views

CVE-2023-35699

Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card...

5.3CVSS5.1AI score0.00202EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2023/06/26 12:36 p.m.3 views

Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack

An unknown cryptocurrency exchange located in Japan was the target of a new attack earlier this month to deploy an Apple macOS backdoor called JokerSpy. Elastic Security Labs, which is monitoring the intrusion set under the name REF9134 , said the attack led to the installation of Swiftbelt, a...

7.6AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2023/05/23 2:15 a.m.2 views

CVE-2023-25953

Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LIN...

9.8CVSS6.2AI score0.00576EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/05/23 2:15 a.m.2 views

CVE-2023-25953

Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LIN...

9.8CVSS7.5AI score0.00576EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/05/23 12:0 a.m.7 views

CVE-2023-25953

Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LIN...

9.5AI score0.00576EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/05/08 12:0 a.m.3 views

PT-2023-2920 · Line · Drive Explorer

Name of the Vulnerable Software and Affected Versions: Drive Explorer for macOS versions 3.5.4 and earlier Description: The issue is related to incorrect code generation management, allowing an attacker to inject arbitrary code while processing the product execution. This can enable the attacker ...

9.8CVSS7.5AI score0.00576EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/05/08 12:0 a.m.23 views

JVN#01937209: LINE WORKS Drive Explorer vulnerable to code injection

LINE WORKS Drive Explorer provided by WORKS MOBILE Japan Corp. contains a code injection vulnerability CWE-94. Impact An attacker who can login to the client where the affected product is installed may inject arbitrary code while processing the product execution. Since a full disk access privileg...

9.8CVSS9.5AI score0.00576EPSS
Exploits0
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.2 views

WORKS MOBILE Drive Explorer for macOS 代码注入漏洞

WORKS MOBILE Drive Explorer for macOS is a drive explorer for macOS from WORKS MOBILE Japan. A security vulnerability exists in WORKS MOBILE Drive Explorer for macOS, which stems from the fact that execution of LINE WORKS Drive Explorer requires full disk access privileges, allowing an attacker t...

9.8CVSS8.6AI score0.00576EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:50 a.m.4 views

SUSE CVE-2011-4127

The Linux kernel before 3.2.2 does not properly restrict SGIO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to 1 a partition block device or 2 an LVM volume...

4.6CVSS6.7AI score0.00566EPSS
Exploits2References9
Prion
Prion
added 2022/06/14 7:15 p.m.26 views

Code injection

SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the...

7.2CVSS7.7AI score0.00243EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/06/14 6:39 p.m.70 views

CVE-2022-31590

CVE-2022-31590 affects SAP PowerDesigner Proxy 16.7. An attacker with low privileges and local access can bypass root-disk access restrictions to write a program file on the system disk root, which could be executed with elevated privileges during startup or reboot, potentially impacting confiden...

7.8CVSS7.7AI score0.00243EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/06/14 6:39 p.m.17 views

CVE-2022-31590

SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the...

8AI score0.00243EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.6 views

SAP PowerDesigner 代码问题漏洞

SAP PowerDesigner, a database design software from SAP, is vulnerable to a code issue in SAP PowerDesigner Proxy version 16.7, which could be exploited by attackers to bypass system root disk access restrictions, write or create program files on the system disk root path, and elevate the privileg...

7.8CVSS5.8AI score0.00243EPSS
Exploits0References4
Rows per page
Query Builder