5045 matches found
CVE-2020-26312
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...
Arbitrary File Read
github.com/dotmesh-io/dotmesh is vulnerable to Arbitrary File Read. The vulnerability is due to the unsafe handling of symbolic links in an unpacking routine, allowing attackers to read and/or write to arbitrary locations outside the designated target folder...
May 14, 2024—KB5037782 (OS Build 20348.2461)
May 14, 2024—KB5037782 OS Build 20348.2461 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when ne...
General Electric Healthcare Ultrasound 路径遍历漏洞
GE General Electric Healthcare Ultrasound is a medical sonic detection device from General Electric GE. A path traversal vulnerability exists in General Electric Healthcare Ultrasound. An attacker could exploit this vulnerability to access files and directories stored outside of the web root fold...
Veritas System Recovery 安全漏洞
Veritas System Recovery is a fast, easy-to-use backup and recovery solution for Microsoft Windows servers from Veritas USA. A security vulnerability exists in versions prior to Veritas System Recovery 23.2Hotfix that stems from incorrect permissions on the Veritas System Recovery folder...
Public Folder Backup Hangs
Challenge An Exchange backup job that contains a public folder mailbox runs in an endless cycle, continuously getting changed items from one of the public folders. In the job logs, you can see multiple entries in the following format: Changed items: 0, deleted items: 0, read state changes: 100...
PT-2024-3953 · Veritas · Veritas System Recovery
Name of the Vulnerable Software and Affected Versions: Veritas System Recovery versions prior to 23.3 Hotfix Description: The issue is related to incorrect permissions for the Veritas System Recovery folder, allowing low-privileged users to conduct attacks. Exploitation of this issue may enable a...
CVE-2024-1693 SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdmsavecategory AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level acce...
CVE-2024-1076
The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who...
CVE-2024-20856
Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario...
CVE-2024-20856
Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario...
CVE-2024-20856
Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario...
CVE-2024-20856
Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario...
WP Media folder < 5.7.3 - Missing Authorization to Authenticated(Subscriber+) Title Modification
Description The wp-media-folder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in all versions up to, and including, 5.7.2. This makes it possible for authenticated attackers, with subscriber access and above, to...
SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update
Description The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdmsavecategory AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR May-2024 Release 1, which stems from an incorrect authentication vulnerability in the...
PT-2024-18766 · Samsung · Secure Folder
Name of the Vulnerable Software and Affected Versions: Secure Folder versions prior to SMR May-2024 Release 1 Description: The issue allows physical attackers to access Secure Folder without proper authentication in a specific scenario. This is due to an improper authentication vulnerability...
CVE-2023-51579
Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain the ability to execute low-privileged code on...
CVE-2023-51579
Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain the ability to execute low-privileged code on...
UBUNTU-CVE-2023-51592
BlueZ Audio Profile AVRCP parsemediafolder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability i...