32 matches found
EUVD-1999-0408
Malware in sbrugna...
EUVD-2006-4566
Malware in sbrugna...
EUVD-2023-54441
Malicious code in bioql PyPI...
EUVD-2022-6866
Malicious code in bioql PyPI...
EUVD-2022-6106
Malicious code in bioql PyPI...
EUVD-2023-54405
Malicious code in bioql PyPI...
CVE-2020-15080
In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6. A possible workaround is to make sure composer.json and docker-compose.yml are not accessible on your server...
Linux Distros Unpatched Vulnerability : CVE-2017-1000382
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ORIGINALFILENAME.swp resulting in files that may be world readable o...
CVE-2024-30265
Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilà dashboard allows local file inclusion. Any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the...
RHEL 5 : emacs (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - emacs: command injection flaw within enriched mode handling CVE-2017-14482 - GNU Emacs version 25.3.1 and...
Design/Logic Flaw
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup...
CVE-2023-4588 File accessibility vulnerability in Delinea Secret Server
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup...
CVE-2023-4588
Delinea Secret Server (versions v10.9.000002 and v11.4.000002) contains a file accessibility vulnerability that could let an authenticated user with administrative privileges create a backup file in the webroot, redirect the default backup directory to wwwroot, and download files (e.g., encryptio...
Code injection
Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded...
CVE-2022-47512
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO) / SolarWinds Platform 2022.4. No other versions are affected...
CVE-2022-29526
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
go -- syscall.Faccessat checks wrong group on Linux
The Go project reports: When called with a non-zero flags parameter, the syscall.Faccessat function could incorrectly report that a file is accessible. This bug only occurs on Linux systems...
Information Disclosure
cobbler is vulnerable to information disclosure. The vulnerability exists because the library does not properly restrict the config file accessibility, which allows an attacker who has access to the server to open an authenticated session with a cobbler daemon...