| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint (/projects/:project_id/repository/changes) when rendering the “latest changes” view via git log. By supplying a specially crafted rev value (for example, rev=--output=/tmp/poc.txt), an attacker can inject git log command-line options. When OpenProject executes the SCM command, Git interprets the attacker-controlled rev as an option and writes the output to an attacker-chosen path. As a result, any user with the :browse_repository permission on the project can create or overwrite arbitrary files that the OpenProject process user is permitted to write. The written contents consist of git log output, but by crafting custom commits the attacker can still upload valid shell scripts, ultimately leading to RCE. The RCE lets the attacker create a reverse shell to the target host and view confidential files outside of OpenProject, such as /etc/passwd. This issue has been patched in versions 16.6.7 and 17.0.3. |
| Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally. |
| No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. |
| Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network. |
| Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. |
| Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network. |
| Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network. |
| Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network. |
| Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. |
| Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. |
| Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
| Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally. |
