24 matches found
EUVD-2022-5995
Malicious code in bioql PyPI...
Dust: Race Condition in Folder Creation Allows Bypassing Folder Limit
The application enforced a hard limit of 10 folders per user under a specific space. However, due to a race condition, it was possible to bypass this limit by sending multiple folder creation requests simultaneously after deleting one folder. This allowed creating more than 10 folders, breaking t...
com.xwiki.confluencepro:application-confluence-migrator-pro-ui's application homepage is public
Impact: The homepage of the application is public, which enables a guest to download the package, which might contain sensitive information. Patches: 1.11.7. Workarounds: The access to the page can be manually restricted to a specific set of users or groups...
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
Impact: This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users download or view...
CVE-2024-8349 Uncanny Groups for LearnDash <= 6.1.0.1 - Authenticated (Group Leader+) Privilege Escalation
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group...
CVE-2024-0024
In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
[SECURITY] Fedora 38 Update: sudo-1.9.15-1.p5.fc38
Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
Unauthorized Access
Mattermost Jira Plugin is vulnerable to unauthorized access. The vulnerability is due to its failure to check the security level of incoming issues or restrict based on the user, allowing registered Jira users to create webhooks granting access to all Jira issues...
PT-2023-29240 · Sourcecodester · Sourcecodester Free Hospital Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Free Hospital Management System for Small Practices version 1.0 Description: A critical issue was found in the system, affecting an unknown functionality of the file vmpatientedit-user.php. The manipulation of the argument...
Design/Logic Flaw
containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be ab...
CVE-2022-23622
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting XSS vector in the registerinline.vm template related to the xredirect hidden field. This template is only used in the following conditions:...
CVE-2022-23302
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests. Mitigation: These...
CVE-2021-32756
ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will allow an attacker to...
Design/Logic Flaw
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating...
Oracle WebLogic Server CVE-2019-2889 Remote Security Vulnerability
Description: Oracle WebLogic Server is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Sample apps' component is affected. This vulnerability affects the following supported versions: 12.2.1.3.0. Technologies Affected: Oracle Weblogic Serve...
[SECURITY] Fedora 24 Update: sudo-1.8.20p2-1.fc24
Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
If a user is restricted to only viewing the space, they should not be able to create or import a calendar
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-48465. 23 July 2019 Update: Hi everyone, thank you for your interest in this ticket. After...
[SECURITY] Fedora 22 Update: sudo-1.8.15-2.fc22
Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
Define the security for which plugins can be used by which users on which pages
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-34095. This is a request for a new feature which could restrict/define the usage of specific plugins/macros to only allowe...
Regression - "Browse Project" permission for "Reporter" lets users see projects they are not permitted to.
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/JRACLOUD-34389. Regression of JRA-4935: When I add the "Reporter" to the "Browse Project" Permission of one project, this project instantly becom...