PT-2026-42023

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior...

EUVD-2022-27966

Malicious code in bioql PyPI...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unshared page table during VMA splitting, which could lead to a race condition...

CVE-2022-22828

An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string...

CVE-2024-52516

Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 o...

CVE-2024-52516 Nextcloud Server's shares are not removed when user is limited to share with in their groups and being removed from one of them

Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 o...

CVE-2024-52516

CVE-2024-52516 - Nextcloud Server group-based sharing not revoked The connected PT-Security advisory confirms concrete details: Nextcloud Server (and Enterprise Server) versions prior to specific fixed releases are affected. When a user is removed from a group, shares restricted to that group are...

CVE-2024-52516 Nextcloud Server's shares are not removed when user is limited to share with in their groups and being removed from one of them

Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 o...

CVE-2024-52516 Nextcloud Server's shares are not removed when user is limited to share with in their groups and being removed from one of them

Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 o...

CVE-2023-26428

Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared...

PT-2023-20624 · Ox Software Gmbh +1 · Ox App Suite +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Attackers can request arbitrary snippet IDs, including E-Mail signatures of other users within the same context, even if they are not explicitly shared...

Amazon Linux 2023 : runc (ALAS2023-2023-208)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-208 advisory. runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following...

rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

...

rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

Impact It was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup namespace to be unshared e.g.., docker|podman|nerdctl run --cgroupns=host, with Rootless...

DEBIAN-CVE-2023-25809

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

CVE-2023-25809 rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

Catalyst IT Mahara 访问控制错误漏洞

Catalyst It Catalyst IT Mahara is a social networking system from Catalyst IT Catalyst It in New Zealand. The system includes a blog, resume builder, file manager, and more. A security vulnerability exists in Mahara 21.04, which stems from combinations created in groups that are not shared with...

CVE-2022-22828

An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string...

Design/Logic Flaw

An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string...

CVE-2022-22828

An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string...