135 matches found
Elastic Security Breach
Elastic is the Netherlands Elastic company's set of open source distributed RESTful search engine built on Lucene . The product is primarily used in cloud computing and supports data indexing using JSON over HTTP. A security vulnerability exists in Elastic that stems from the possibility that a...
CVE-2023-46743 The same file cannot be opened with different rights
application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit...
CVE-2023-37911 org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document b...
cups: Information leak through Cups-Get-Document operation
A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach...
PT-2023-25073 · Chamilo · Chamilo
Name of the Vulnerable Software and Affected Versions: Chamilo versions 1.11. up to 1.11.18 Description: The issue allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID, due to incorrect access control. Recommendations: For...
About the security content of macOS Ventura 13.4
About the security content of macOS Ventura 13.4 This document describes the security content of macOS Ventura 13.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...
CVE-2023-29526 Async and display macro allow displaying and interacting with any document in restricted mode
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to display or interact with any page a user cannot access through the combination of the async and display macros. A comment with either macro will be execut...
SUSE CVE-2016-5155
Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site...
SUSE CVE-2021-3500
A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::getdjvufile via crafted djvu file may lead to application crash and other consequences...
CVE-2022-42909
WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don´t own and print hem without authorization. In order to...
CVE-2022-42909
WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don´t own and print hem without authorization. In order to...
CVE-2022-42909
WEPA Print Away is affected by an authorization flaw: a user with an account can generate print orders and release codes for documents they do not own without verifying access. The issue stems from not checking that the user is authorized to access documents before processing print jobs. Public d...
OpenEMR Access Control Error Vulnerability (CNVD-2023-40915)
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. An Access Control Error vulnerability exists in versions of OpenEMR prior to...
OpenEMR 访问控制错误漏洞
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. An Access Control Error vulnerability exists in versions of OpenEMR prior to...
Improper access control
There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document pdf, email from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL https://url/tmp/M...
User content sandbox can be confused into opening arbitrary documents
Impact The user content sandbox can be abused to trick users into opening unexpected documents after several user interactions. The content can be opened with a blob origin from the Matrix client, so it is possible for a malicious document to access user messages and secrets. Patches This has bee...
JT2Go and Teamcenter Visualization Stack Buffer Overflow Vulnerability
JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML with existing JT, VFZ, CGM, TIF data.Teamcenter visualization software enables companies to enhance their Product Lifecycle Management PLM environments.The software gives business users access to documents in a...
CVE-2020-10669
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the late...
CVE-2020-10669
The Canon Oce Colorwave 500 printer web interface (version 4.0.0.0) is affected by CVE-2020-10669 due to an authentication bypass on /home.jsp. An unauthenticated attacker who can reach the device’s web UI can obtain copies of documents uploaded by users. The issue is confirmed in multiple source...
CVE-2019-8770
The issue was addressed with improved permissions logic. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access recent documents...