
13 matches found

NVD
added 2025/11/21 7:15 p.m., 3 views

CVE-2025-54866

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.3.0 to before 4.13.0, a missing ACL on "C:\Program Files (x86)\ossec-agent\authd.pass" exposes the password to all "Authenticated Users" on the local machine. This issue has been patched in...

CVSS 5.5, EPSS 0.0002
Exploits: 1, References: 4
OSV
added 2025/11/21 6:23 p.m., 4 views

CVE-2025-54866 Wazuh installation fails to protect authd.pass on Windows

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.3.0 to before 4.13.0, a missing ACL on "C:\Program Files (x86)\ossec-agent\authd.pass" exposes the password to all "Authenticated Users" on the local machine. This issue has been patched in...

CVSS 1.8, AI score 6.6, EPSS 0.0002
Exploits: 1, References: 6
EUVD
added 2025/11/21 6:23 p.m., 2 views

EUVD-2025-198508

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.3.0 to before 4.13.0, a missing ACL on "C:\Program Files (x86)\ossec-agent\authd.pass" exposes the password to all "Authenticated Users" on the local machine. This issue has been patched in...

CVSS 1.8, AI score 6.1, EPSS 0.0002
Exploits: 1, References: 4
CNNVD
added 2025/11/21 12:0 a.m., 3 views

Wazuh security vulnerability

Wazuh is an open source application from Wazuh. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh versions from 4.3.0 to before 4.13.0, which stems from a missing ACL in...

CVSS 5.5, AI score 6.5, EPSS 0.0002
Exploits: 1, References: 5
EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2024-1001

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.3, EPSS 0.00019
Exploits: 0, References: 7
OSV
added 2024/05/27 6:44 p.m., 5 views

GHSA-52CX-HPC5-CXWC silverstripe/framework missing ACL on reports

The SSReport and the reports CMS section only check canView when listing the reports that can be viewed by the current user. They do not, but should, perform canView checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the...

CVSS 4.3, AI score 7
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 6:18 a.m., 1 views

SUSE CVE-2005-1345

Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator...

CVSS 7.5, AI score 6.8, EPSS 0.00192
Exploits: 0, References: 3
Cvelist
added 2023/02/01 9:12 p.m., 9 views

CVE-2023-23751 [20230102] - Core - Missing ACL checks for com_actionlogs

An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs...

AI score 5.1, EPSS 0.00005
Exploits: 0, References: 1
OSV
added 2020/08/19 1:15 p.m., 2 views

UBUNTU-CVE-2020-24394

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c in the NFS server can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered...

CVSS 7.1, AI score 6.7, EPSS 0.00049
Exploits: 0, References: 8
NVD
added 2020/06/30 2:15 p.m., 8 views

CVE-2020-15412

An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form...

CVSS 4.3, EPSS 0.00154
Exploits: 0, References: 1
Friends Of PHP
added 2015/03/20 7:29 p.m., 11 views

SS-2016-012: Missing ACL on reports

More info at https://www.silverstripe.org/download/security-releases/ss-2016-012/...

AI score 7.2
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2015/02/16 12:0 a.m., 31 views

Fedora 21 : libvirt-1.2.9.2-1.fc21 (2015-1892)

Rebased to version 1.2.9.2 - CVE-2014-8131: deadlock and segfault in qemuConnectGetAllDomainStats bz 1172571 - CVE-2015-0236: missing ACL check for the VIR_DOMAIN_XML_SECURE flag in save images and snapshots objects bz 1185769 - CVE-2014-8136: local denial of service in qemu/qemu_driver.c bz 1176179...

CVSS 4, AI score 6.1, EPSS 0.00492
Exploits: 0, References: 7
OpenVAS
added 2009/10/28 12:0 a.m., 16 views

Asterisk Missing ACL Check Remote Security Bypass Vulnerability (AST-2009-007)

Asterisk is prone to a security bypass vulnerability. CPE = "cpe:/a:digium:asterisk";...

AI score 7.4
Exploits: 0, References: 4