EUVD-2023-49910

Malicious code in bioql PyPI...

CVE-2025-0141 GlobalProtect App: Privilege Escalation (PE) Vulnerability

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enables a locally authenticated non administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. The GlobalProtect app on iOS, Android, Chrome OS and...

CVE-2025-2814 Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...

CVE-2024-31474

There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI Aruba's Access Point management protocol. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to...

CVE-2023-45619

There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI Aruba's access point management protocol. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to...

CVE-2021-44235

Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This...

CVE-2021-21466

SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which...

CVE-2019-15979

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system OS. For more information about...

CURL-CVE-2010-3842 local file overwrite

curl offers a command line option --remote-header-name also usable as -J which uses the filename of the Content-disposition: header when it saves the downloaded data locally. curl attempts to cut off the directory parts from any given filename in the header to only store files in the current...

Glibc Local Root Exploit

Hi all, This has been bouncing around on vuln-dev and the debian-devel lists. It effects glibc = 2.1.9x and it would seem many if not all OSes using these versions of glibc. Ben Collins writes, "This wasn't supposed to happen, and the actual fix was a missing comma in the list of secure env vars...