8 matches found
CVE-2022-23497
FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords brypt with cost 9, salted of FreshRSS Web interface. If the API is used, the configuration might contain a...
Bosch Rexroth ctrlX OS 安全漏洞
Bosch Rexroth ctrlX OS is a Linux-based real-time operating system from Bosch Rexroth, an open control platform designed for industrial automation equipment. A security vulnerability exists in Bosch Rexroth ctrlX OS that stems from improper handling of user configuration files, which could lead t...
CVE-2022-23497 Insecure file access in FreshRSS
FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords brypt with cost 9, salted of FreshRSS Web interface. If the API is used, the configuration might contain a...
CVE-2022-23497 Insecure file access in FreshRSS
FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords brypt with cost 9, salted of FreshRSS Web interface. If the API is used, the configuration might contain a...
Zimbra 安全漏洞
Zimbra is an open source email collaboration platform from Zimbra, Inc. in the United States. Zimbra suffers from a security vulnerability that stems from its sudo configuration that allows a user to execute zmslapd binaries as the root user with arbitrary parameters. As part of its intended...
Digital Unix 4.0 MSGCHK MH_PROFILE Symbolic Link Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3320/info The msgchk utility under certain versions of Digital Unix contains an information disclosure vulnerability which could yield root privilege. Because msgchk fails to check file permissions before opening user...
DSA-681-1 synaesthesia - privilege escalation
Bulletin has no description...
Digital Unix 4.0 - MSGCHK MH_PROFILE Symbolic Link
source: https://www.securityfocus.com/bid/3320/info The msgchk utility under certain versions of Digital Unix contains an information disclosure vulnerability which could yield root privilege. Because msgchk fails to check file permissions before opening user configuration files in the user's hom...