Lucene search
K

225 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-59116

Malicious code in bioql PyPI...

6.7CVSS6AI score0.002EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-32370

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01877EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.6 views

Better Privilege Separation for Agents by Restricting Data Types

Large language models LLMs have become increasingly popular due to their ability to interact with unstructured content. As such, LLMs are now a key driver behind the automation of language processing systems, such as AI agents. Unfortunately, these advantages have come with a vulnerability to...

7.2AI score
Exploits0
CNNVD
CNNVD
added 2025/06/28 12:0 a.m.9 views

Volkswagen MIB3 Infotainment 安全漏洞

Volkswagen MIB3 Infotainment is an infotainment system on a vehicle from Volkswagen Germany. A security vulnerability exists in Volkswagen MIB3 Infotainment that stems from a lack of privilege separation in a proprietary inter-process communication mechanism, which could allow an attacker to bypa...

6.3CVSS9.2AI score0.0018EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/28 12:0 a.m.9 views

PT-2025-27317 · Volkswagen · Mib3

Name of the Vulnerable Software and Affected Versions: MIB3 infotainment unit affected versions not specified Description: The MIB3 infotainment unit used in Skoda and Volkswagen vehicles lacks privilege separation for its proprietary inter-process communication mechanism. This allows attackers...

6.3CVSS6.9AI score0.0018EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 10:39 p.m.15 views

CVE-2022-27881

engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation...

7.5CVSS7.6AI score0.01869EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2024/11/15 12:0 a.m.6 views

The vulnerability of the network management system for monitoring industrial networks in Siemens SINEC NMS, related to insufficient privilege separation, allows a intruder to execute arbitrary commands.

The vulnerability of the Siemens SINEC NMS network management system for monitoring industrial networks is related to insufficient privilege separation. Exploiting this vulnerability could allow a attacker to execute arbitrary commands...

7.8CVSS5.8AI score0.00174EPSS
Exploits0References3Affected Software1
F5 Networks
F5 Networks
added 2024/10/07 3:15 a.m.31 views

K000141355: Multiple PHP vulnerabilities

Security Advisory Description CVE-2016-4342 ext/phar/pharobject.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact v...

8.8CVSS9.2AI score0.13314EPSS
Exploits5
OSV
OSV
added 2024/08/23 11:8 a.m.5 views

OESA-2024-2018 pcp security update

PCP provides a range of services that may be used to monitor and manage system performance. These services are distributed and scalable to accommodate the most complex system configurations and performance problems. Security Fixes: A vulnerability has been identified in the Performance Co-Pilot P...

6.7CVSS6.8AI score0.002EPSS
Exploits0References2
Securelist
Securelist
added 2024/06/24 10:0 a.m.19 views

XZ backdoor: Hook analysis

Part 1: XZ backdoor story – Initial analysis Part 2: Assessing the Y, and How, of the XZ Utils incident social engineering Part 3: XZ backdoor. Hook analysis In our first article on the XZ backdoor, we analyzed its code from initial infection to the function hooking it performs. As we mentioned...

8.6AI score
Exploits0
CVE
CVE
added 2024/06/14 2:35 a.m.51 views

CVE-2024-27146

Summary (CVE-2024-27146): The Toshiba printers (notably Toshiba e-STUDIO/MFPs) are affected by a lack of privileges separation. The issue is documented across multiple sources (NVD, CVE lists, OpenVAS entry, and vendor advisories) and is described as the ability for an attacker who can access the...

6.7CVSS6.9AI score0.00245EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/06/14 2:35 a.m.21 views

CVE-2024-27146 Lack of privileges separation

The Toshiba printers do not implement privileges separation. As for the affected products/models/versions, see the reference URL...

6.7CVSS0.00245EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/06/14 12:0 a.m.6 views

PT-2024-21677 · Toshiba · Toshiba Printers

Name of the Vulnerable Software and Affected Versions: Toshiba printers affected versions not specified Description: The issue concerns the lack of privileges separation in Toshiba printers. There is no information provided about the estimated number of potentially affected devices worldwide or...

6.7CVSS6.8AI score0.00245EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.71 views

RHEL 5 : openssh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssh: possible fallback from untrusted to trusted X11 forwarding CVE-2016-1908 - Untrusted search path...

8.4AI score0.98631EPSS
Exploits74References15
RedHat Linux
RedHat Linux
added 2024/04/30 10:38 a.m.4 views

pcp: unsafe use of directories allows pcp to root privilege escalation

A vulnerability has been identified in the Performance Co-Pilot PCP package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges...

6.7CVSS5.7AI score0.002EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/04/22 6:45 p.m.42 views

Moby (Docker Engine) started with non-empty inheritable Linux process capabilities

Impact A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during...

5.9CVSS7.5AI score0.00492EPSS
Exploits0References21Affected Software2
OSV
OSV
added 2024/02/28 3:15 p.m.6 views

UBUNTU-CVE-2023-6917

A vulnerability has been identified in the Performance Co-Pilot PCP package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges...

6.7CVSS5.8AI score0.002EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/02/28 2:38 p.m.35 views

CVE-2023-6917 Pcp: unsafe use of directories allows pcp to root privilege escalation

A vulnerability has been identified in the Performance Co-Pilot PCP package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges...

6CVSS6.2AI score0.002EPSS
Exploits0References3
CVE
CVE
added 2024/02/28 2:38 p.m.200 views

CVE-2023-6917

The CVE-2023-6917 issue in Performance Co-Pilot (PCP) stems from mixed privilege levels across PCP systemd services, with some processes running as root while others are limited PCP users. This separation failure can let privileged root processes interact with directories owned by unprivileged PC...

6.7CVSS6.3AI score0.002EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/11/15 12:0 a.m.7 views

The vulnerability of the Oslo.privsep component in the cloud computing platform Openstack, related to insecure management of privileges, allows a perpetrator to escalate their privileges.

The vulnerability of the Oslo.privsep component in the OpenStack cloud service platform is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

9CVSS7.5AI score0.00596EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder