225 matches found
EUVD-2023-59116
Malicious code in bioql PyPI...
EUVD-2022-32370
Malicious code in bioql PyPI...
Better Privilege Separation for Agents by Restricting Data Types
Large language models LLMs have become increasingly popular due to their ability to interact with unstructured content. As such, LLMs are now a key driver behind the automation of language processing systems, such as AI agents. Unfortunately, these advantages have come with a vulnerability to...
Volkswagen MIB3 Infotainment 安全漏洞
Volkswagen MIB3 Infotainment is an infotainment system on a vehicle from Volkswagen Germany. A security vulnerability exists in Volkswagen MIB3 Infotainment that stems from a lack of privilege separation in a proprietary inter-process communication mechanism, which could allow an attacker to bypa...
PT-2025-27317 · Volkswagen · Mib3
Name of the Vulnerable Software and Affected Versions: MIB3 infotainment unit affected versions not specified Description: The MIB3 infotainment unit used in Skoda and Volkswagen vehicles lacks privilege separation for its proprietary inter-process communication mechanism. This allows attackers...
CVE-2022-27881
engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation...
The vulnerability of the network management system for monitoring industrial networks in Siemens SINEC NMS, related to insufficient privilege separation, allows a intruder to execute arbitrary commands.
The vulnerability of the Siemens SINEC NMS network management system for monitoring industrial networks is related to insufficient privilege separation. Exploiting this vulnerability could allow a attacker to execute arbitrary commands...
K000141355: Multiple PHP vulnerabilities
Security Advisory Description CVE-2016-4342 ext/phar/pharobject.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact v...
OESA-2024-2018 pcp security update
PCP provides a range of services that may be used to monitor and manage system performance. These services are distributed and scalable to accommodate the most complex system configurations and performance problems. Security Fixes: A vulnerability has been identified in the Performance Co-Pilot P...
XZ backdoor: Hook analysis
Part 1: XZ backdoor story – Initial analysis Part 2: Assessing the Y, and How, of the XZ Utils incident social engineering Part 3: XZ backdoor. Hook analysis In our first article on the XZ backdoor, we analyzed its code from initial infection to the function hooking it performs. As we mentioned...
CVE-2024-27146
Summary (CVE-2024-27146): The Toshiba printers (notably Toshiba e-STUDIO/MFPs) are affected by a lack of privileges separation. The issue is documented across multiple sources (NVD, CVE lists, OpenVAS entry, and vendor advisories) and is described as the ability for an attacker who can access the...
CVE-2024-27146 Lack of privileges separation
The Toshiba printers do not implement privileges separation. As for the affected products/models/versions, see the reference URL...
PT-2024-21677 · Toshiba · Toshiba Printers
Name of the Vulnerable Software and Affected Versions: Toshiba printers affected versions not specified Description: The issue concerns the lack of privileges separation in Toshiba printers. There is no information provided about the estimated number of potentially affected devices worldwide or...
RHEL 5 : openssh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssh: possible fallback from untrusted to trusted X11 forwarding CVE-2016-1908 - Untrusted search path...
pcp: unsafe use of directories allows pcp to root privilege escalation
A vulnerability has been identified in the Performance Co-Pilot PCP package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges...
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
Impact A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during...
UBUNTU-CVE-2023-6917
A vulnerability has been identified in the Performance Co-Pilot PCP package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges...
CVE-2023-6917 Pcp: unsafe use of directories allows pcp to root privilege escalation
A vulnerability has been identified in the Performance Co-Pilot PCP package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges...
CVE-2023-6917
The CVE-2023-6917 issue in Performance Co-Pilot (PCP) stems from mixed privilege levels across PCP systemd services, with some processes running as root while others are limited PCP users. This separation failure can let privileged root processes interact with directories owned by unprivileged PC...
The vulnerability of the Oslo.privsep component in the cloud computing platform Openstack, related to insecure management of privileges, allows a perpetrator to escalate their privileges.
The vulnerability of the Oslo.privsep component in the OpenStack cloud service platform is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...