138 matches found
Design/Logic Flaw
EventStoreDB ESDB is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affecte...
CVE-2024-26133 EventStoreDB Projections Subsystem has potential password leak
EventStoreDB ESDB is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affecte...
PT-2023-28637 · Apple · Macos Sonoma +1
Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.2 Description: This issue allows Remote Login sessions to potentially obtain full disk access permissions due to inadequate state management. The estimated number of potentially affected devices worldwide is...
CVE-2023-4949
An attacker with local access to a system either through a disk or external drive can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation...
CVE-2023-5088 Qemu: improper ide controller reset can lead to mbr overwrite
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...
iscsi-initiator-utils bug fix update
An update is available for iscsi-initiator-utils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The iscsi-initiator-utils packages provide the server daemon fo...
CVE-2023-40168 Malicious projects can read and upload arbitrary files from disk in TurboWarp Desktop
TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening th...
CVE-2023-35699
Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card...
Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack
An unknown cryptocurrency exchange located in Japan was the target of a new attack earlier this month to deploy an Apple macOS backdoor called JokerSpy. Elastic Security Labs, which is monitoring the intrusion set under the name REF9134 , said the attack led to the installation of Swiftbelt, a...
CVE-2023-25953
Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LIN...
CVE-2023-25953
Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LIN...
CVE-2023-25953
Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LIN...
PT-2023-2920 · Line · Drive Explorer
Name of the Vulnerable Software and Affected Versions: Drive Explorer for macOS versions 3.5.4 and earlier Description: The issue is related to incorrect code generation management, allowing an attacker to inject arbitrary code while processing the product execution. This can enable the attacker ...
JVN#01937209: LINE WORKS Drive Explorer vulnerable to code injection
LINE WORKS Drive Explorer provided by WORKS MOBILE Japan Corp. contains a code injection vulnerability CWE-94. Impact An attacker who can login to the client where the affected product is installed may inject arbitrary code while processing the product execution. Since a full disk access privileg...
WORKS MOBILE Drive Explorer for macOS 代码注入漏洞
WORKS MOBILE Drive Explorer for macOS is a drive explorer for macOS from WORKS MOBILE Japan. A security vulnerability exists in WORKS MOBILE Drive Explorer for macOS, which stems from the fact that execution of LINE WORKS Drive Explorer requires full disk access privileges, allowing an attacker t...
SUSE CVE-2011-4127
The Linux kernel before 3.2.2 does not properly restrict SGIO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to 1 a partition block device or 2 an LVM volume...
Code injection
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the...
CVE-2022-31590
CVE-2022-31590 affects SAP PowerDesigner Proxy 16.7. An attacker with low privileges and local access can bypass root-disk access restrictions to write a program file on the system disk root, which could be executed with elevated privileges during startup or reboot, potentially impacting confiden...
CVE-2022-31590
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the...
SAP PowerDesigner 代码问题漏洞
SAP PowerDesigner, a database design software from SAP, is vulnerable to a code issue in SAP PowerDesigner Proxy version 16.7, which could be exploited by attackers to bypass system root disk access restrictions, write or create program files on the system disk root path, and elevate the privileg...