159 matches found
CVE-2024-32478 Git Credential Manager (GCM)'s Debian package does not set root ownership on installed files
Git Credential Manager GCM is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0...
PT-2024-5774 · Trueconf · Trueconf Server
Name of the Vulnerable Software and Affected Versions: TrueConf Server affected versions not specified Description: The issue is related to insufficient protection of service data in TrueConf Server, which can be exploited by a remote attacker to gather user system information through API methods...
CVE-2024-0765
As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state. This would require the attacked to be granted explicit acce...
Cross site scripting
Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar...
git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree
A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other...
git: Bypass of safe.directory protections
A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by...
Cisco Secure Client Software DoS (cisco-sa-accsc-dos-9SLzkZ8) (CVE-2023-20240)
According to its self-reported version, Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client is affected by multiple denial of service DoS vulnerabilities. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploi...
CVE-2023-20241
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Clie...
CVE-2023-20240
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Clie...
Out-of-bounds
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Clie...
CVE-2023-20241
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Clie...
CVE-2023-20240
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Clie...
CVE-2023-33873 AVEVA Operations Control Logger Execution with Unnecessary Privileges
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine...
Cisco Secure Client Software Denial of Service Vulnerabilities
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Clie...
PT-2023-7118 · Cisco · Cisco Secure Client
Name of the Vulnerable Software and Affected Versions: Cisco Secure Client Software affected versions not specified Description: The issue is related to multiple vulnerabilities in Cisco Secure Client Software that could allow an authenticated, local attacker to cause a denial of service DoS...
PT-2023-7117 · Cisco · Cisco Secure Client
Name of the Vulnerable Software and Affected Versions: Cisco Secure Client Software affected versions not specified Description: The issue is related to multiple vulnerabilities in Cisco Secure Client Software that could allow an authenticated, local attacker to cause a denial of service DoS...
CVE-2023-42756
A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSETCMDADD and IPSETCMDSWAP can lead to a kernel panic due to the invocation of ipsetput on a wrong set. This issue may allow a local user to crash the system...
PT-2023-24968 · Unknown · Phpgurukul User Registration & Login/User Management System
Name of the Vulnerable Software and Affected Versions: PHPgurukl User Registration Login and User Management System with admin panel version 1.0 Description: A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted script to the "signup.php" endpoint...
CVE-2023-23001
A NULL pointer dereference flaw was found in the Linux kernel’s UFSHCD platform driver. This flaw allows a local user to crash the system...
Security Bulletin: IBM Watson CloudPak for Data Data Stores are vulnerable to web pages stored locally which can be read by another user on the system
Summary IBM Watson CP4D Data Stores allows web pages to be stored locally which can be read by another user on the system. Vulnerability Details CVEID:CVE-2023-27545 DESCRIPTION: IBM Watson CP4D Data Stores allows web pages to be stored locally which can be read by another user on the system. CVS...