268 matches found
PT-2020-13792 · Apache · Apache Solr
Name of the Vulnerable Software and Affected Versions: Apache Solr versions prior to 8.6.0 Description: The issue is related to the Replication handler, which allows commands such as backup, restore, and deleteBackup. These commands take a location parameter that was not validated, allowing...
DEBIAN-CVE-2020-24331
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file which contains various settings related to this daemon...
PT-2020-15683 · Trousers +6 · Trousers +6
Name of the Vulnerable Software and Affected Versions: TrouSerS versions prior to 0.3.14 Description: An issue was discovered where the tss user still has read and write access to the /etc/tcsd.conf file, which contains various settings related to the tcsd daemon, if the daemon is started with ro...
PT-2020-3112 · Cisco · Cisco Sd-Wan Vmanage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software affected versions not specified Description: The issue is related to a lack of proper validation of files uploaded to an affected device, allowing an authenticated, remote attacker to conduct directory traversal...
CVE-2020-10039
A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker in a privileged network position between a legitimate user and the web server might be able to conduct a Man-in-the-middle attack and gain read and write access to...
Oasis Cross-Site Request Forgery Vulnerability
Oasis is an open source peer-to-peer social application. A cross-site request forgery vulnerability exists in Oasis versions prior to 2.15.0. An attacker can exploit this vulnerability to read or write to vulnerable applications with the help of a specially crafted malicious website...
Samsung Mobile Device Input Validation Error Vulnerability (CNVD-2020-32822)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. Samsung mobile devices have an input validation error vulnerability that can be exploited by an attacker to read/write files in a locked state with the help of a...
Totemo totemomail read/write access vulnerability
Totemo totemomail is an email encryption solution from the Swiss company Totemo. A security vulnerability exists in Totemo totemomail version 7.0.0. The vulnerability can be exploited by a remote attacker via enumeration to read and modify mail folders...
CVE-2019-19194
The Bluetooth Low Energy Secure Manager Protocol SMP implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key LTK if an out-of-order link-layer encryption request...
Red Hat Quay Bot Account Plain Text Token Vulnerability
Red Hat Quay is a private container registry for storing, building, and deploying container images. A bot account plain text token vulnerability exists in Red Hat Quay versions prior to 3.2.0. An attacker could exploit this vulnerability to perform read and write operations on container images...
CVE-2018-20090
An issue was discovered in Cloudera Data Science Workbench CDSW 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder...
CVE-2018-20090
An issue was discovered in Cloudera Data Science Workbench CDSW 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder...
VulnCheck KEV: CVE-2016-5198
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not...
Oracle Solaris vulnerable to arbitrary code execution via /proc/self
Overview Oracle Solaris 11 and Solaris 10 are vulnerable to arbitrary code execution if an attacker has read/write access to /proc/self in the process file system. Description The process file system /proc in Oracle Solaris 11 and Solaris 10 provides a self/ alias that refers to the current...
Docker Elevation of Privilege Vulnerability
Summary CVE-2018-15664 describes a vulnerability in the Docker runtime and the underlying community project, Moby wherein a malicious/compromised container can acquire full read/write access to the host operating system where that container is running. The vulnerability depends on the way that th...
CVE-2018-15664
CVE-2018-15664 affects Docker prior to fix in 18.06.1-ce-rc2, enabling a symlink-exchange attack via the docker cp API that can grant an attacker arbitrary read/write access to the host filesystem with root privileges due to archive handling on non-frozen/chrooted filesystems. Public advisories (...
CVE-2018-5839
Improperly configured memory protection allows read/write access to modem image from HLOS kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9150, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8996AU,...
CVE-2018-15768
Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database...
CVE-2018-15768 Insecure MySQL Configuration Vulnerability
Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database...
CVE-2018-11062
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default...