21 matches found
EUVD-2021-0650
Malware in sbrugna...
EUVD-2022-3406
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-4591
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local...
CVE-2023-24069
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker ca...
CVE-2013-0718
The Simeji application 4.8.1 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem...
CVE-2013-2300
The FlickWnn aka OpenWnn/Flick support application 2.02 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem...
Linux Distros Unpatched Vulnerability : CVE-2023-35852
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Suricata before 6.0.13 when there is an adversary who controls an external source of rules, a dataset filename, that comes from a rule, may trigger absolute ...
CVE-2023-39611
An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests...
SUSE CVE-2017-1000387
Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.buildpublisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file system access to acce...
CVE-2023-24069
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker ca...
PT-2023-19386 · Signal · Signal Desktop +1
Name of the Vulnerable Software and Affected Versions: Signal Desktop versions prior to 6.2.0 Description: The issue allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some case...
GitLab Information Disclosure Vulnerability (CNVD-2021-90771)
GitLab is a self-hosted Git version control system project repository application developed by GitLab, Inc. using Ruby on Rails. GitLab Community Edition is vulnerable to an information leak that could be exploited by an attacker with local filesystem access to gain root-level privileges...
Code injection
Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process...
Design/Logic Flaw
An unanchored /a-z2/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access...
CVE-2016-4591
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors...
Mozilla Firefox Multiple Vulnerabilities - August 13 (Windows)
The host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxmultvulnaug13win.nasl 6079 2017-05-08 09:03:33Z teissa $ Mozilla Firefox Multiple Vulnerabilities - August 13 Windows Authors: Thanga Prakash S Copyright: Copyright...
CVE-2013-1717
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging...
Code injection
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging...
CVE-2013-1717
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging...
CVE-2009-1296
The eCryptfs support utilities ecryptfs-utils 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root...