128 matches found

CVE
added 2024/04/17 9:43 a.m. · 117 views

CVE-2024-26822

CVE-2024-26822 relates to the Linux kernel SMB client automounts. The issue occurs when uid, gid and cruid are not specified, which can cause the automount context to reuse values from the parent mount. The fix is to dynamically set uid, gid and cruid in the filesystem context used for automounts...

5.5 CVSS · 6.7 AI score · 0.00225 EPSS
Exploits 0 · References 5 · Affected Software 1
Debian CVE
added 2024/04/17 9:43 a.m. · 16 views

CVE-2024-26822

In the Linux kernel, the following vulnerability has been resolved: smb: client: set correct id, uid and cruid for multiuser automounts When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting otherwise they'll end up reusing the...

5.5 CVSS · 7.7 AI score · 0.00225 EPSS
Exploits 0
OSV
added 2024/04/17 9:43 a.m. · 4 views

CVE-2024-26822 smb: client: set correct id, uid and cruid for multiuser automounts

In the Linux kernel, the following vulnerability has been resolved: smb: client: set correct id, uid and cruid for multiuser automounts When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting otherwise they'll end up reusing the...

5.5 CVSS · 6.1 AI score · 0.00225 EPSS
Exploits 0 · References 8
CNNVD
added 2024/04/10 12:0 a.m. · 1 views

AnythingLLM Input Validation Error Vulnerability

AnythingLLM is a document chatbot that meets business requirements. AnythingLLM has an input validation vulnerability: improper input validation allows an attacker to escalate privileges by disabling Multi-User Mode...

7.2 CVSS · 6.7 AI score · 0.00778 EPSS
Exploits 1 · References 3
Positive Technologies
added 2024/03/03 12:0 a.m. · 1 views

PT-2024-15802 · Unknown · Anything-Llm

Name of the Vulnerable Software and Affected Versions: AnythingLLM affected versions not specified Description: The issue allows a default user on a multi-user instance to execute a call to the "/export-data" endpoint, enabling them to exfiltrate data of the system at that save state. This requir...

9.6 CVSS · 7.1 AI score · 0.00579 EPSS
Exploits 1 · References 8
OSV
added 2024/02/16 2:15 a.m. · 4 views

CVE-2024-0037

In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...

3.3 CVSS · 5.9 AI score
Exploits 0 · References 2
Kitploit
added 2023/02/20 11:30 a.m. · 46 views

Faraday - Open Source Vulnerability Management Platform

Security has two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve remediation efforts. With Faraday, you may focus on discovering vulnerabilities while we help you with the rest. Just use it in your terminal and get your work organized on...

7.2 AI score
Exploits 0 · References 10
SUSE CVE
added 2023/02/15 4:28 a.m. · 3 views

SUSE CVE-2018-10545

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user in a multiuser environment to obtain sensitive...

6.5 CVSS · 8.1 AI score · 0.00831 EPSS
Exploits 0 · References 8
OSV
added 2023/02/14 11:15 a.m. · 1 views

CVE-2022-35868

A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrust...

6.7 CVSS · 5.7 AI score
Exploits 0 · References 2
NVD
added 2023/02/14 11:15 a.m. · 24 views

CVE-2022-35868

A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrust...

7.3 CVSS · 6.4 AI score · 0.00192 EPSS
Exploits 0 · References 2
Prion
added 2023/02/14 11:15 a.m. · 9 views

Path traversal

A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an...

3.5 CVSS · 6.4 AI score · 0.00192 EPSS
Exploits 0 · References 1 · Affected Software 2
Cvelist
added 2023/02/14 10:36 a.m. · 19 views

CVE-2022-35868

A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrust...

6.7 CVSS · 6.6 AI score · 0.00192 EPSS
Exploits 0 · References 2
CVE
added 2023/02/14 10:36 a.m. · 42 views

CVE-2022-35868

Siemens TIA Project-Server and TIA Multiuser Server are affected by an untrusted search path vulnerability (CWE-426) that could allow local privilege escalation when a user starts the service from an attacker-controlled path. Affected: TIA Multiuser Server V14 (all), TIA Multiuser Server V15 befo...

7.3 CVSS · 6.6 AI score · 0.00192 EPSS
Exploits 0 · References 2 · Affected Software 2
Positive Technologies
added 2023/02/14 12:0 a.m. · 7 views

PT-2023-1971 · Siemens · Tia Multiuser Server +1

Name of the Vulnerable Software and Affected Versions: TIA Multiuser Server versions prior to V15.1 Update 8 TIA Project-Server versions prior to V1.1 TIA Project-Server V16 All versions TIA Project-Server V17 versions prior to V17 Update 6 Description: The issue is related to an untrusted search...

7.3 CVSS · 7 AI score · 0.00192 EPSS
Exploits 0 · References 6
RedHat Linux
added 2022/11/15 11:55 a.m. · 1 views

kernel: cifs: fix handlecache and multiuser

In the Linux kernel, the following vulnerability has been resolved: cifs: fix handlecache and multiuser In multiuser each individual user has their own tcon structure for the share and thus their own handle for a cached directory. When we umount such a share we must make sure to release the pinne...

5.5 CVSS · 6.3 AI score · 0.00246 EPSS
Exploits 0 · References 5
RedHat Linux
added 2022/11/02 2:40 p.m. · 5 views

kernel: cifs: fix handlecache and multiuser

In the Linux kernel, the following vulnerability has been resolved: cifs: fix handlecache and multiuser In multiuser each individual user has their own tcon structure for the share and thus their own handle for a cached directory. When we umount such a share we must make sure to release the pinne...

5.5 CVSS · 6.3 AI score · 0.00246 EPSS
Exploits 0 · References 5
OSV
added 2022/04/24 9:29 p.m. · 10 views

GSD-2022-1001625 cifs: fix handlecache and multiuser

cifs: fix handlecache and multiuser This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit ffa631c4bff59dde59b598011f570e27dfba3515...

7.2 AI score
Exploits 0
Microsoft KB
added 2022/02/01 12:0 a.m. · 4 views

February 1, 2022, update for Office 2016 (KB5002138)

February 1, 2022, update for Office 2016 KB5002138 This article describes update 5002138 for Microsoft Office 2016 that was released on February 1, 2022. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply...

6.3 AI score
Exploits 0
CNNVD
added 2021/10/11 12:0 a.m. · 2 views

Gajim Security Vulnerability

Gajim is a full-featured Xmpp client. A security vulnerability exists in Gajim 1.2.x and 1.3.3 before 1.3.3, which can be exploited by an attacker to cause a denial of service crash in a multiuser chat via a crafted XMPP Last Message Correction XEP-0308 message, where the message ID is equal to t...

7.5 CVSS · 7.2 AI score · 0.01518 EPSS
Exploits 1 · References 6
NVD
added 2021/06/16 6:15 p.m. · 15 views

CVE-2021-1568

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copyin...

5.5 CVSS · 0.00208 EPSS
Exploits 0 · References 1