
57 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 11 views

Astra Linux – Vulnerability in OpenSSH

In OpenSSH 6.2 through 8.x, prior to version 8.8, when certain non-default configurations were used, privilege escalation could occur because supplementary groups were not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand might run with privileges...

CVSS 7, AI score 7.3, EPSS 0.02367
Exploits 2, References 2

EUVD
added 2026/04/28 4:53 a.m., 6 views

EUVD-2026-25982

OpenStack Ironic through 25.0.0 allows ipmitool execution in a non-default configuration that has a console interface...

CVSS 6.6, AI score 5.5, EPSS 0.0057
Exploits 0, References 1

Debian CVE
added 2026/04/28 4:53 a.m., 5 views

CVE-2026-42510

OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface...

CVSS 7.2, AI score 5.5, EPSS 0.0057
Exploits 0

CNNVD
added 2026/04/01 12:0 a.m., 10 views

Sage DPW security vulnerability

Sage DPW is a human resources system developed by the British company Sage. Version Sage DPW 202506004 contains security vulnerabilities. These vulnerabilities stem from non-default configurations that allow unverified access to diagnostic endpoints, potentially exposing sensitive information suc...

CVSS 7.5, AI score 5.8, EPSS 0.00287
Exploits 0, References 2

Vulnrichment
added 2025/12/25 12:0 a.m., 5 views

CVE-2025-66443

Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service...

CVSS 7.5, AI score 6.4, EPSS 0.00268
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-0719

Malware in sbrugna...

CVSS 4.7, AI score 6.5, EPSS 0.01189
Exploits 0, References 6

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-29071

Malicious code in bioql PyPI...

CVSS 7.2, AI score 6.8, EPSS 0.00177
Exploits 0, References 2

OSV
added 2025/09/19 1:13 p.m., 4 views

OESA-2025-2320 rubygem-fluentd security update

Fluentd is an open source data collector designed to scale and simplify log management. It can collect, process and ship many kinds of data in near real-time. Security Fixes: Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A...

CVSS 9.8, AI score 8.8, EPSS 0.44708
Exploits 0, References 2

Cvelist
added 2025/09/12 5:16 p.m., 10 views

CVE-2025-4235 User-ID Credential Agent: Cleartext Exposure of Service Account password

An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent Windows-based can expose the service account password under specific non-default configurations. This allows an unprivileged Domain User to escalate privileges by exploiting the account’s permissions. The...

CVSS 7.2, EPSS 0.00177
Exploits 0, References 1

Vulnrichment
added 2025/09/12 5:16 p.m., 3 views

CVE-2025-4235 User-ID Credential Agent: Cleartext Exposure of Service Account password

An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent Windows-based can expose the service account password under specific non-default configurations. This allows an unprivileged Domain User to escalate privileges by exploiting the account’s permissions. The...

CVSS 7.2, AI score 6.5, EPSS 0.00177
Exploits 0, References 1

CVE
added 2025/09/12 5:16 p.m., 42 views

CVE-2025-4235

The CVE-2025-4235 entry describes an information-exposure vulnerability in Palo Alto Networks’ User-ID Credential Agent (Windows). Under specific non-default configurations, the service account password can be exposed, enabling an unprivileged Domain User to escalate privileges by abusing the acc...

CVSS 7.2, AI score 6.5, EPSS 0.00177
Exploits 0, References 1

Cvelist
added 2025/05/05 4:54 p.m., 18 views

CVE-2025-1992 IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage...

CVSS 5.3, EPSS 0.00315
Exploits 0, References 1

Vulnrichment
added 2025/05/05 4:54 p.m., 7 views

CVE-2025-1992 IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage...

CVSS 5.3, AI score 6, EPSS 0.00315
Exploits 0, References 1

CVE
added 2025/05/05 4:54 p.m., 73 views

CVE-2025-1992

CVE-2025-1992 concerns IBM Db2 for Linux, UNIX and Windows (including DB2 Connect Server) in federation deployments. The issue is a denial-of-service caused by insufficient release of memory after usage, affecting Db2 versions 11.5.0–11.5.9 and 12.1.0–12.1.1 when authenticated users operate in fe...

CVSS 6.5, AI score 6, EPSS 0.00315
Exploits 0, References 2, Affected Software 1

CNNVD
added 2025/05/05 12:0 a.m., 3 views

IBM Db2 security vulnerability

IBM Db2 is a relational database management system from International Business Machines IBM. The system executes on UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM Db2 versions 11.5.9 and earlier and 12.1.1 and earlier, which stems from insufficient...

CVSS 6.5, AI score 6.2, EPSS 0.00315
Exploits 0, References 4

RedhatCVE
added 2025/04/25 6:46 p.m., 17 views

CVE-2025-43922

The FileWave Windows client before 16.0.0, in some non-default configurations, allows an unprivileged local user to escalate privileges to SYSTEM...

CVSS 8.1, AI score 6.9, EPSS 0.0012
Exploits 0, References 1

NVD
added 2025/04/21 4:15 p.m., 31 views

CVE-2025-43922

The FileWave Windows client before 16.0.0, in some non-default configurations, allows an unprivileged local user to escalate privileges to SYSTEM...

CVSS 8.1, EPSS 0.0012
Exploits 0, References 1

CNNVD
added 2025/04/21 12:0 a.m., 2 views

FileWave Windows client security vulnerability

FileWave Windows client is an end-to-end management software client from FileWave Switzerland. A security vulnerability exists in FileWave Windows client versions prior to 16.0.0, which stems from certain non-default configurations that could cause a local user to elevate privileges to SYSTEM...

CVSS 8.1, AI score 6.3, EPSS 0.0012
Exploits 0, References 1

SUSE CVE
added 2024/11/07 3:50 a.m., 2 views

SUSE CVE-2024-49506

Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem...

CVSS 7.3, AI score 6.5, EPSS 0.00098
Exploits 0, References 3

OSV
added 2024/08/14 6:15 p.m., 3 views

CVE-2024-31882

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614...

CVSS 6.5, AI score 5.8, EPSS 0.00553
Exploits 0, References 3