17 matches found
EUVD-2024-38628
Malicious code in bioql PyPI...
CVE-2024-40787
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements...
CVE-2021-33057
The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements e.g., android.permission.ACCESSFINELOCATION for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the...
CVE-2017-1000104
The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient...
CVE-2025-32964
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. ...
CVE-2024-42456
A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized...
CVE-2024-42456
A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized...
CVE-2024-42456
CVE-2024-42456 affects Veeam Backup & Replication . A low-privileged user with a specific role can exploit a method with insufficient permission checks to modify critical configuration settings (e.g., trusted client certificate on a port), potentially allowing calls to privileged methods and init...
CVE-2024-42456
A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized...
CVE-2024-40787
CVE-2024-40787 is a local, low-privilege impact issue in Apple platforms where an attacker could bypass internet permission prompts. The root cause involves the handling of user consent prompts, allowing a Shortcut to circumvent Internet permission requirements. Affected products/versions include...
OPENSUSE-SU-2024:0220-1 Security update for caddy
This update for caddy fixes the following issues: - Update to version 2.8.4: cmd: fix regression in auto-detect of Caddyfile 6362 Tag v2.8.3 was mistakenly made on the v2.8.2 commit and is skipped - Update to version 2.8.2: cmd: fix auto-detetction of .caddyfile extension 6356 caddyhttp: properly...
Flexi Access - Critical - Arbitrary PHP code execution - SA-CONTRIB-2023-036
The Flexi Access module will provide a simple and flexible interface to the ACL Access Control List module. It will let you set up and mange ACLs naming individual users that are allowed access to a particular node. The module processes user input in a way that could be unsafe. This can lead to...
Design/Logic Flaw
The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements e.g., android.permission.ACCESSFINELOCATION for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the...
CVE-2021-33057
The CVE-2021-33057 entry concerns Tencent QQ version 8.7.1 on Android and iOS. The issue is that QQ does not enforce location permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) when determining the device’s physical location. An attacker can use qq.createMapContext to instant...
CSIRT-Collect - PowerShell Script To Collect Memory And (Triage) Disk Forensics
A PowerShell script to collect memory and triage disk forensics for incident response investigations. The script leverages a network share, from which it will access and copy the required executables and subsequently upload the acquired evidence to the same share post-collection. Permission...
Permissions required for FAS Certificate Templates
Domain computers generating many requests on Certificate Authority CA...
SA-CONTRIB-2010-099 - Views Bulk Operations - Access Bypass
Views Bulk Operations augments Views by allowing bulk operations to be executed on the nodes and users displayed by a view. It does so by showing a checkbox in front of each item, and adding a select box containing operations that can be applied on the selected items. In some circumstances, a...