19 matches found
RLSA-2026:21745 Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr...
CVE-2019-16300
An issue was discovered in Open Network Operating System ONOS 1.14. In the access control application org.onosproject.acl, the host event listener does not handle the following event types: HOSTREMOVED. In combination with other applications, this could lead to the absence of intended code...
CVE-2024-56889
Incorrect access control in the endpoint /admin/mdelete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter...
CVE-2024-22415
jupyter-lsp is a coding assistance tool for JupyterLab code navigation + hover suggestions + linters + autocompletion + rename using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control on the operating system level, and with...
CVE-2024-54252
CVE-2024-54252 is a Missing Authorization (Broken Access Control) vulnerability affecting Pinpoint Booking System WordPress plugin versions up to 2.9.9.5.6 (and related 2.9.9.5.x lines). Public docs describe an access-control misconfiguration that could allow unauthorized access or actions within...
CVE-2024-40811
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to modify protected parts of the file system...
CVE-2024-37369
Rockwell Automation’s FactoryTalk View SE contains a local privilege escalation vulnerability (CVE-2024-37369) where low-privilege users can edit scripts and bypass ACLs, potentially gaining further access. Affected product: FactoryTalk View SE (per ICS/CISA advisory, with affected version listed...
Design/Logic Flaw
jupyter-lsp is a coding assistance tool for JupyterLab code navigation + hover suggestions + linters + autocompletion + rename using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control on the operating system level, and with...
CVE-2024-22415
CVE-2024-22415 relates to the jupyter-lsp server extension for JupyterLab. The vulnerability stems from unsecured endpoints that, when the jupyter-server is exposed to untrusted networks, permit unauthorised access and modification of files outside the jupyter root. Fix: upgrade to version 2.2.2 ...
CVE-2024-22415 Unsecured endpoints in the jupyter-lsp server extension
jupyter-lsp is a coding assistance tool for JupyterLab code navigation + hover suggestions + linters + autocompletion + rename using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control on the operating system level, and with...
samba: SMB clients can truncate files with read-only permissions
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "aclxattr" is configured with "aclxattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only acces...
CVE-2023-5299 Fuji Electric Tellus Lite V-Simulator Improper Access Control
A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system...
CVE-2021-1583 Cisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Read Vulnerability
A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is due to improper acces...
SYS.1.3.A14
Die Ausgabe von Informationen ueber das Betriebssystem und der Zugriff auf Protokoll- und Konfigurationsdateien SOLLTE fuer Benutzer auf das notwendige Mass beschraenkt werden. Ausserdem SOLLTEN bei Befehlsaufrufen keine vertraulichen Informationen als Parameter uebergeben werden. Copyright C 202...
VMware Horizon View Client < 5.5.0 DoS (VMSA-2020-0022)
The version of VMware Horizon Client for Windows installed on the remote host is less than 5.5.0. It is, therefore, affected by a denial of service DoS vulnerability due to a file system access control issue during install time. An unauthenticated, local attacker can exploit this, via symbolic...
CVE-2020-3991
VMware Horizon Client for Windows 5.x before 5.5.0 contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at...
Denial of service
VMware Horizon Client for Windows 5.x before 5.5.0 contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at...
CVE-2020-3991
The CVE-2020-3991 entry affects VMware Horizon Client for Windows (5.x before 5.5.0). The vulnerability is a denial-of-service caused by a file system access control issue during install time, where an unauthenticated local attacker could use a symbolic link to overwrite certain admin-privileged ...
VMware Horizon Client update addresses a denial-of-service vulnerability (CVE-2020-3991)
3. File system access control denial-of-service vulnerability CVE-2020-3991 VMware Horizon Client for Windows contains a denial-of-service vulnerability due to a file system access control issue during install time. VMware has evaluated the severity of this issue to be in the Moderate severity...