Lucene search
K

159 matches found

Cvelist
Cvelist
added 2024/04/19 2:37 p.m.48 views

CVE-2024-32478 Git Credential Manager (GCM)'s Debian package does not set root ownership on installed files

Git Credential Manager GCM is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0...

6.9CVSS6.8AI score0.00192EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/25 12:0 a.m.6 views

PT-2024-5774 · Trueconf · Trueconf Server

Name of the Vulnerable Software and Affected Versions: TrueConf Server affected versions not specified Description: The issue is related to insufficient protection of service data in TrueConf Server, which can be exploited by a remote attacker to gather user system information through API methods...

5CVSS7AI score
Exploits0References2
NVD
NVD
added 2024/03/03 3:15 p.m.29 views

CVE-2024-0765

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state. This would require the attacked to be granted explicit acce...

9.6CVSS9.3AI score0.00579EPSS
Exploits1References2
Prion
Prion
added 2024/02/28 8:15 p.m.23 views

Cross site scripting

Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar...

7.2AI score0.00992EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2024/01/25 8:1 a.m.5 views

git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree

A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other...

7.8CVSS7.3AI score0.00782EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/25 8:1 a.m.2 views

git: Bypass of safe.directory protections

A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by...

7.8CVSS7.3AI score0.00445EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/11/30 12:0 a.m.19 views

Cisco Secure Client Software DoS (cisco-sa-accsc-dos-9SLzkZ8) (CVE-2023-20240)

According to its self-reported version, Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client is affected by multiple denial of service DoS vulnerabilities. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploi...

5.5CVSS5.8AI score0.00197EPSS
Exploits0References3
OSV
OSV
added 2023/11/22 5:15 p.m.5 views

CVE-2023-20241

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Clie...

5.5CVSS5.8AI score0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/11/22 5:15 p.m.7 views

CVE-2023-20240

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Clie...

5.5CVSS5.8AI score0.00197EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/11/22 5:15 p.m.18 views

Out-of-bounds

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Clie...

1.7CVSS6.9AI score0.00197EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2023/11/22 5:10 p.m.3 views

CVE-2023-20241

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Clie...

5.5CVSS5.5AI score0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/22 5:10 p.m.10 views

CVE-2023-20240

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Clie...

5.5CVSS6.1AI score0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/15 4:22 p.m.15 views

CVE-2023-33873 AVEVA Operations Control Logger Execution with Unnecessary Privileges

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine...

7.8CVSS7.5AI score0.00236EPSS
Exploits0References2
Cisco
Cisco
added 2023/11/15 4:0 p.m.38 views

Cisco Secure Client Software Denial of Service Vulnerabilities

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Clie...

5.5CVSS5.6AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/15 12:0 a.m.4 views

PT-2023-7118 · Cisco · Cisco Secure Client

Name of the Vulnerable Software and Affected Versions: Cisco Secure Client Software affected versions not specified Description: The issue is related to multiple vulnerabilities in Cisco Secure Client Software that could allow an authenticated, local attacker to cause a denial of service DoS...

5.5CVSS5.5AI score0.00197EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/11/15 12:0 a.m.6 views

PT-2023-7117 · Cisco · Cisco Secure Client

Name of the Vulnerable Software and Affected Versions: Cisco Secure Client Software affected versions not specified Description: The issue is related to multiple vulnerabilities in Cisco Secure Client Software that could allow an authenticated, local attacker to cause a denial of service DoS...

5.5CVSS5.5AI score0.00197EPSS
Exploits0References7
OSV
OSV
added 2023/09/28 2:15 p.m.7 views

CVE-2023-42756

A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSETCMDADD and IPSETCMDSWAP can lead to a kernel panic due to the invocation of ipsetput on a wrong set. This issue may allow a local user to crash the system...

4.7CVSS8.1AI score0.00275EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/06/29 12:0 a.m.3 views

PT-2023-24968 · Unknown · Phpgurukul User Registration & Login/User Management System

Name of the Vulnerable Software and Affected Versions: PHPgurukl User Registration Login and User Management System with admin panel version 1.0 Description: A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted script to the "signup.php" endpoint...

6.1CVSS6.4AI score0.00414EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2023/03/30 9:21 a.m.37 views

CVE-2023-23001

A NULL pointer dereference flaw was found in the Linux kernel’s UFSHCD platform driver. This flaw allows a local user to crash the system...

5.5CVSS5.4AI score0.00249EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/22 10:39 p.m.17 views

Security Bulletin: IBM Watson CloudPak for Data Data Stores are vulnerable to web pages stored locally which can be read by another user on the system

Summary IBM Watson CP4D Data Stores allows web pages to be stored locally which can be read by another user on the system. Vulnerability Details CVEID:CVE-2023-27545 DESCRIPTION: IBM Watson CP4D Data Stores allows web pages to be stored locally which can be read by another user on the system. CVS...

5.5CVSS3.8AI score0.00195EPSS
Exploits0Affected Software1
Rows per page
Query Builder