45 matches found
CLSA-2026-1772812307 grafana: Fix of CVE-2026-21721
CVE-2026-21721: Fix dashboard permissions API; verify target dashboard scope and prevent users with permission-management rights on one dashboard from reading or modifying permissions on other dashboards...
EUVD-2026-7438
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/ can be...
EUVD-2017-16105
Malware in sbrugna...
EUVD-2018-15927
Malware in sbrugna...
EUVD-2012-4375
Malware in sbrugna...
Files or Directories Accessible to External Parties
Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties due to improper restriction of file read. An attacker can obtain sensitive information by sending crafted requests to exposed resources. Note: This is only exploitable if the attacker...
Files or Directories Accessible to External Parties
Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties due to improper restriction of file read. An attacker can obtain sensitive information by sending crafted requests to exposed resources. Note: This is only exploitable if the attacker...
Files or Directories Accessible to External Parties
Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties due to improper restriction of file read. An attacker can obtain sensitive information by sending crafted requests to exposed resources. Note: This is only exploitable if the attacker...
Files or Directories Accessible to External Parties
Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties due to improper restriction of file read. An attacker can obtain sensitive information by sending crafted requests to exposed resources. Note: This is only exploitable if the attacker...
CVE-2025-61734
CVE-2025-61734 affects Apache Kylin (versions 4.0.0 through 5.0.2). The issue is an information-disclosure vulnerability caused by inadequate protection of sensitive information, allowing files or directories to be accessible to external parties. The vulnerability is addressed by upgrading to Apa...
PT-2025-40312
Name of the Vulnerable Software and Affected Versions Apache Kylin versions 4.0.0 through 5.0.2 Description A Server-Side Request Forgery SSRF issue exists in Apache Kylin. The impact is limited if Kylin's system and project admin access is well protected. Recommendations Upgrade to version 5.0.3...
PT-2025-40311
Name of the Vulnerable Software and Affected Versions Apache Kylin versions 4.0.0 through 5.0.2 Description A flaw exists in Apache Kylin that could allow external parties to access files or directories. Proper protection of Kylin's system and project admin access is crucial to prevent...
PT-2024-40214 · Surrealdb · Surrealdb
Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 2.0.4 Description: The issue arises from the order in which permissions are processed, leading to potential leaks of field values or record contents to users without the required permissions. This can occur in...
CVE-2023-30583
fs.openAsBlob can bypass the experimental permission model when using the file system read restriction with the --allow-fs-read flag in Node.js 20. This flaw arises from a missing check in the fs.openAsBlob API. Please note that at the time this CVE was issued, the permission model is an...
CVE-2023-30583
fs.openAsBlob can bypass the experimental permission model when using the file system read restriction with the --allow-fs-read flag in Node.js 20. This flaw arises from a missing check in the fs.openAsBlob API. Please note that at the time this CVE was issued, the permission model is an...
SUSE CVE-2023-30583
fs.openAsBlob can bypass the experimental permission model when using the file system read restriction with the --allow-fs-read flag in Node.js 20. This flaw arises from a missing check in the fs.openAsBlob API. Please note that at the time this CVE was issued, the permission model is an...
Path traversal
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and t...
postgresql: Partition constraint violation errors leak values of denied columns
An information leak was discovered in postgresql. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information...
CVE-2020-9943
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A malicious application may be able to read restricted memory...
Design/Logic Flaw
An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4, April 2018 Patch 3, June 2018 Patch 3,...