14 matches found
Astra Linux - vulnerability in libvirt
An improper locking issue was detected in the virStoragePoolLookupByTargetPath API of libvirt. This issue occurs in the storagePoolLookupByTargetPath function, where a locked virStoragePoolObj object is not properly released in case of an ACL permission failure. Clients connecting to the read-writ...
SUSE CVE-2025-55074
Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...
CVE-2025-39926 genetlink: fix genl_bind() invoking bind() after -EPERM
In the Linux kernel, the following vulnerability has been resolved: genetlink: fix genl_bind() invoking bind() after -EPERM. Per family bind/unbind callbacks were introduced to allow families to track multicast group consumer presence, e.g. to start or stop producing events depending on listeners...
CVE-2025-3446
Mattermost versions 10.6.x = 10.6.1, 10.5.x = 10.5.2, 10.4.x = 10.4.4, 9.11.x = 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team...
Command injection
Mattermost fails to properly check the permissions when executing commands allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands...
PT-2022-20879
Name of the Vulnerable Software and Affected Versions: Harbor versions prior to 2.5.2. Description: The issue allows malicious users to view, update, and delete Webhook policies of other users due to a failure in validating user permissions. This can be exploited through the API endpoint "GET...
Denial Of Service (DoS)
libvirt.so is vulnerable to denial of service. Lack of proper handling of a locked virStoragePoolObj object to release on ACL permission failure in the function virStoragePoolLookupByTargetPath allows other users to access storage pool APIs, causing an application crash...
CVE-2021-3667
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...
CVE-2021-3667
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...
Teddy cross-site scripting vulnerability
Teddy is an easy-to-read, easy-to-learn template language. A security vulnerability exists in teddy that stems from the lack of effective permission and access control measures on a networked system or product...
libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...
CVE-2020-14486
An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands...
Authorization
An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands...
Multiple vulnerabilities in OpenDolphin
Overview: OpenDolphin provided by Life Sciences Computing Corporation contains multiple vulnerabilities listed below. Privilege escalation - CVE-2018-16161; Information disclosure (CWE-200) - CVE-2018-16162; Restrict access permissions failure (CWE-284) - CVE-2018-16163. Symantec Japan, Inc. Advisory...