Lucene search
K

135 matches found

CNNVD
CNNVD
added 2024/02/07 12:0 a.m.6 views

Elastic Security Breach

Elastic is the Netherlands Elastic company's set of open source distributed RESTful search engine built on Lucene . The product is primarily used in cloud computing and supports data indexing using JSON over HTTP. A security vulnerability exists in Elastic that stems from the possibility that a...

6.5CVSS6.7AI score0.005EPSS
Exploits0References3
OSV
OSV
added 2023/11/09 3:32 p.m.22 views

CVE-2023-46743 The same file cannot be opened with different rights

application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit...

7.3CVSS5AI score0.00523EPSS
Exploits1References3
OSV
OSV
added 2023/10/25 5:19 p.m.16 views

CVE-2023-37911 org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document b...

6.5CVSS6.2AI score0.00752EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2023/08/28 1:17 p.m.7 views

cups: Information leak through Cups-Get-Document operation

A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach...

5.5CVSS5.8AI score0.00347EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/06/08 12:0 a.m.5 views

PT-2023-25073 · Chamilo · Chamilo

Name of the Vulnerable Software and Affected Versions: Chamilo versions 1.11. up to 1.11.18 Description: The issue allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID, due to incorrect access control. Recommendations: For...

4.3CVSS6.5AI score0.00411EPSS
Exploits0References6
Apple
Apple
added 2023/05/18 12:0 a.m.127 views

About the security content of macOS Ventura 13.4

About the security content of macOS Ventura 13.4 This document describes the security content of macOS Ventura 13.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...

9.8CVSS9.7AI score0.55367EPSS
Exploits22References1Affected Software1
Cvelist
Cvelist
added 2023/04/18 10:57 p.m.37 views

CVE-2023-29526 Async and display macro allow displaying and interacting with any document in restricted mode

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to display or interact with any page a user cannot access through the combination of the async and display macros. A comment with either macro will be execut...

9.9CVSS9.8AI score0.01144EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:1 a.m.3 views

SUSE CVE-2016-5155

Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site...

6.5CVSS8.9AI score0.01179EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:49 a.m.4 views

SUSE CVE-2021-3500

A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::getdjvufile via crafted djvu file may lead to application crash and other consequences...

7.5CVSS6.9AI score0.00944EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2023/02/03 12:0 a.m.7 views

CVE-2022-42909

WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don´t own and print hem without authorization. In order to...

6.5CVSS7.1AI score0.00363EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/03 12:0 a.m.21 views

CVE-2022-42909

WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don´t own and print hem without authorization. In order to...

6.5CVSS6.6AI score0.00363EPSS
Exploits0References2
CVE
CVE
added 2023/02/03 12:0 a.m.55 views

CVE-2022-42909

WEPA Print Away is affected by an authorization flaw: a user with an account can generate print orders and release codes for documents they do not own without verifying access. The issue stems from not checking that the user is authorized to access documents before processing print jobs. Public d...

6.5CVSS5.4AI score0.00363EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2022/12/20 12:0 a.m.4 views

OpenEMR Access Control Error Vulnerability (CNVD-2023-40915)

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. An Access Control Error vulnerability exists in versions of OpenEMR prior to...

8.1CVSS7AI score0.00607EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/12/17 12:0 a.m.5 views

OpenEMR 访问控制错误漏洞

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. An Access Control Error vulnerability exists in versions of OpenEMR prior to...

8.1CVSS6.8AI score0.00607EPSS
Exploits1References3
Prion
Prion
added 2022/11/23 12:15 a.m.17 views

Improper access control

There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document pdf, email from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL https://url/tmp/M...

5CVSS5.3AI score0.00531EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/03 2:23 a.m.45 views

User content sandbox can be confused into opening arbitrary documents

Impact The user content sandbox can be abused to trick users into opening unexpected documents after several user interactions. The content can be opened with a blob origin from the Matrix client, so it is possible for a malicious document to access user messages and secrets. Patches This has bee...

4.3CVSS1.9AI score0.00922EPSS
Exploits0References6Affected Software1
CNVD
CNVD
added 2021/01/13 12:0 a.m.4 views

JT2Go and Teamcenter Visualization Stack Buffer Overflow Vulnerability

JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML with existing JT, VFZ, CGM, TIF data.Teamcenter visualization software enables companies to enhance their Product Lifecycle Management PLM environments.The software gives business users access to documents in a...

7.8CVSS7.7AI score0.01581EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/03/19 10:29 p.m.16 views

CVE-2020-10669

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the late...

7.7AI score0.03463EPSS
Exploits2References3
CVE
CVE
added 2020/03/19 10:29 p.m.84 views

CVE-2020-10669

The Canon Oce Colorwave 500 printer web interface (version 4.0.0.0) is affected by CVE-2020-10669 due to an authentication bypass on /home.jsp. An unauthenticated attacker who can reach the device’s web UI can obtain copies of documents uploaded by users. The issue is confirmed in multiple source...

7.5CVSS7.6AI score0.03463EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2019/12/18 6:15 p.m.24 views

CVE-2019-8770

The issue was addressed with improved permissions logic. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access recent documents...

5.5CVSS5.1AI score0.00891EPSS
Exploits0References1
Rows per page
Query Builder