319 matches found
Improper Verification Of Cryptographic Signature
github.com/minio/minio is vulnerable to authorization bypass. The vulnerability is due to improper signature verification due to the ability to use arbitrary secrets to upload objects if the attacker has prior WRITE permissions and access to the access key and bucket name...
The vulnerability of Cisco IOS XR operating systems arises from the lack of control over public write permissions for installed application files. This allows attackers to circumvent existing security restrictions.
The vulnerability of Cisco IOS XR operating systems lies in the lack of control over public write permissions for installed application files. Exploiting this vulnerability can allow a perpetrator to circumvent existing security restrictions...
GHSA-WG47-6JQ2-Q2HH MinIO performs incomplete signature validation for unsigned-trailer uploads
Impact This is a high priority vulnerability and users must upgrade ASAP. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on the bucket, Prior...
MinIO performs incomplete signature validation for unsigned-trailer uploads
Impact This is a high priority vulnerability and users must upgrade ASAP. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on the bucket, Prior...
CVE-2025-31489
A flaw was found in the Minio package. The signature component of the authorization may be invalid, which would mean that, as a client, you can use any arbitrary secret to upload objects, given the user already has prior WRITE permissions on the bucket. Prior knowledge of the access key and bucke...
CVE-2025-31489
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...
CVE-2025-31489 MinIO performs incomplete signature validation for unsigned-trailer uploads
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...
CVE-2025-31489
Affected product: MinIO object storage server. Vulnerability: incomplete/signature validation for unsigned-trailer uploads allows a client with an existing bucket WRITE permission and knowledge of an access-key and bucket name to upload arbitrary objects by using any secret. Impact (as stated): p...
PT-2025-14797
Name of the Vulnerable Software and Affected Versions: MinIO versions prior to RELEASE.2025-04-03T14-56-28Z Description: The issue concerns an authorization flaw in MinIO, a high-performance object storage system. This flaw allows a client with prior WRITE permissions on a bucket to upload object...
BIT-SUPERSET-2022-43720 Apache Superset: Improper rendering of user input
An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions an...
PT-2024-35158 · Craft · Craft
Name of the Vulnerable Software and Affected Versions: Craft versions prior to 4.12.8 Craft versions prior to 5.4.9 Description: The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file...
GHSA-RR8J-7W34-XP5J Vault Community Edition privilege escalation vulnerability
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...
CVE-2024-43388 Phoenix Contact: SNMP reconfiguration due to improper input validation in MGUARD devices
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation...
CVE-2024-36495 Read/Write Permissions for Everyone on Configuration File
The application Faronics WINSelect Standard + Enterprise saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is:...
CVE-2024-38610
In the Linux kernel, the following vulnerability has been resolved: drivers/virt/acrn: fix PFNMAP PTE checks in acrnvmrammap Patch series "mm: followpte improvements and acrn followpte fixes". Patch 1 fixes a bunch of issues I spotted in the acrn driver. It compiles, that's all I know. I'll...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not checking PTE write permissions...
BadExclusionsNWBO - An Evolution From BadExclusions To Identify Folder Custom Or Undocumented Exclusions On AV/EDR
BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR. How it works? BadExclusionsNWBO copies and runs HookChecker.exe in all folders and subfolders of a given path. You need to have HookChecker.exe on the same folder of...
CVE-2024-3746 Measuresoft ScadaPro Improper Access Control
The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow user, including unprivileged users, to write or overwrite files...
CVE-2024-26705
In the Linux kernel, the following vulnerability has been resolved: parisc: BTLB: Fix crash when setting up BTLB at CPU bringup When using hotplug and bringing up a 32-bit CPU, ask the firmware about the BTLB information to set up the static block TLB entries. For that write access to the static...
CVE-2024-26705 parisc: BTLB: Fix crash when setting up BTLB at CPU bringup
In the Linux kernel, the following vulnerability has been resolved: parisc: BTLB: Fix crash when setting up BTLB at CPU bringup When using hotplug and bringing up a 32-bit CPU, ask the firmware about the BTLB information to set up the static block TLB entries. For that write access to the static...