Lucene search
K

19 matches found

OSV
OSV
added 2026/05/31 12:0 a.m.39 views

RLSA-2026:21745 Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr...

7.8CVSS6.6AI score0.00514EPSS
Exploits0References19
RedhatCVE
RedhatCVE
added 2026/01/07 9:31 a.m.6 views

CVE-2019-16300

An issue was discovered in Open Network Operating System ONOS 1.14. In the access control application org.onosproject.acl, the host event listener does not handle the following event types: HOSTREMOVED. In combination with other applications, this could lead to the absence of intended code...

7.5CVSS7.1AI score0.02004EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/06 12:0 a.m.8 views

CVE-2024-56889

Incorrect access control in the endpoint /admin/mdelete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter...

6.9AI score0.00666EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:44 p.m.6 views

CVE-2024-22415

jupyter-lsp is a coding assistance tool for JupyterLab code navigation + hover suggestions + linters + autocompletion + rename using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control on the operating system level, and with...

9.8CVSS9.4AI score0.00491EPSS
Exploits0References1
CVE
CVE
added 2024/12/13 2:24 p.m.37 views

CVE-2024-54252

CVE-2024-54252 is a Missing Authorization (Broken Access Control) vulnerability affecting Pinpoint Booking System WordPress plugin versions up to 2.9.9.5.6 (and related 2.9.9.5.x lines). Public docs describe an access-control misconfiguration that could allow unauthorized access or actions within...

6.3CVSS7.2AI score0.00439EPSS
Exploits0References1
NVD
NVD
added 2024/07/29 11:15 p.m.24 views

CVE-2024-40811

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to modify protected parts of the file system...

8.4CVSS0.00219EPSS
Exploits0References4
CVE
CVE
added 2024/06/14 4:50 p.m.61 views

CVE-2024-37369

Rockwell Automation’s FactoryTalk View SE contains a local privilege escalation vulnerability (CVE-2024-37369) where low-privilege users can edit scripts and bypass ACLs, potentially gaining further access. Affected product: FactoryTalk View SE (per ICS/CISA advisory, with affected version listed...

8.8CVSS7.1AI score0.00333EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2024/01/18 9:15 p.m.16 views

Design/Logic Flaw

jupyter-lsp is a coding assistance tool for JupyterLab code navigation + hover suggestions + linters + autocompletion + rename using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control on the operating system level, and with...

7.5CVSS7.1AI score0.00491EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/01/18 8:27 p.m.333 views

CVE-2024-22415

CVE-2024-22415 relates to the jupyter-lsp server extension for JupyterLab. The vulnerability stems from unsecured endpoints that, when the jupyter-server is exposed to untrusted networks, permit unauthorised access and modification of files outside the jupyter root. Fix: upgrade to version 2.2.2 ...

9.8CVSS9.3AI score0.00491EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/18 8:27 p.m.17 views

CVE-2024-22415 Unsecured endpoints in the jupyter-lsp server extension

jupyter-lsp is a coding assistance tool for JupyterLab code navigation + hover suggestions + linters + autocompletion + rename using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control on the operating system level, and with...

7.3CVSS7.1AI score0.00491EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/11/22 5:41 p.m.56 views

samba: SMB clients can truncate files with read-only permissions

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "aclxattr" is configured with "aclxattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only acces...

6.5CVSS6.7AI score0.01174EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/11/22 12:41 a.m.14 views

CVE-2023-5299 Fuji Electric Tellus Lite V-Simulator Improper Access Control

A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system...

7.3CVSS7.1AI score0.00484EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2021/08/25 7:10 p.m.11 views

CVE-2021-1583 Cisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Read Vulnerability

A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is due to improper acces...

4.4CVSS6.7AI score0.00222EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/03/10 12:0 a.m.6 views

SYS.1.3.A14

Die Ausgabe von Informationen ueber das Betriebssystem und der Zugriff auf Protokoll- und Konfigurationsdateien SOLLTE fuer Benutzer auf das notwendige Mass beschraenkt werden. Ausserdem SOLLTEN bei Befehlsaufrufen keine vertraulichen Informationen als Parameter uebergeben werden. Copyright C 202...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/10/22 12:0 a.m.46 views

VMware Horizon View Client < 5.5.0 DoS (VMSA-2020-0022)

The version of VMware Horizon Client for Windows installed on the remote host is less than 5.5.0. It is, therefore, affected by a denial of service DoS vulnerability due to a file system access control issue during install time. An unauthenticated, local attacker can exploit this, via symbolic...

7.1CVSS7.1AI score0.00339EPSS
Exploits0References2
NVD
NVD
added 2020/10/16 2:15 p.m.21 views

CVE-2020-3991

VMware Horizon Client for Windows 5.x before 5.5.0 contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at...

7.1CVSS0.00339EPSS
Exploits0References1
Prion
Prion
added 2020/10/16 2:15 p.m.16 views

Denial of service

VMware Horizon Client for Windows 5.x before 5.5.0 contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at...

3.6CVSS6.8AI score0.00339EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/10/16 1:15 p.m.57 views

CVE-2020-3991

The CVE-2020-3991 entry affects VMware Horizon Client for Windows (5.x before 5.5.0). The vulnerability is a denial-of-service caused by a file system access control issue during install time, where an unauthenticated local attacker could use a symbolic link to overwrite certain admin-privileged ...

7.1CVSS6.7AI score0.00339EPSS
Exploits0References1Affected Software1
VMware
VMware
added 2020/10/15 12:0 a.m.33 views

VMware Horizon Client update addresses a denial-of-service vulnerability (CVE-2020-3991)

3. File system access control denial-of-service vulnerability CVE-2020-3991 VMware Horizon Client for Windows contains a denial-of-service vulnerability due to a file system access control issue during install time. VMware has evaluated the severity of this issue to be in the Moderate severity...

3.6CVSS7AI score0.00339EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder