MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.231-2.6.19.1.AXS4 (AXSA:2019-3940:03)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3940:03 advisory. OpenJDK: Side-channel attack risks in Elliptic Curve EC cryptography Security, 8208698 CVE-2019-2745 OpenJDK: Insufficient checks of suppressed...
Apple macOS Sequoia Privilege Restriction Insufficiency Vulnerability
Apple macOS Sequoia is an operating system announced by Apple on June 10, 2024 at the WWDC24 developer conference. Apple macOS Sequoia suffers from an insufficient privilege restriction vulnerability that can be exploited by an attacker to cause the disclosure of sensitive user data...
EUVD-2013-0898
Malware in sbrugna...
EUVD-2023-1107
Malicious code in bioql PyPI...
EUVD-2023-59783
Malicious code in bioql PyPI...
PT-2025-15338 · Unknown · HDCP Trustlet
Name of the Vulnerable Software and Affected Versions: HDCP trustlet versions prior to SMR Apr-2025 Release 1 Description: The issue is related to improper access control in the HDCP trustlet, allowing local attackers with shell privilege to escalate their privileges to root. This can be exploite...
PT-2024-37257 · WordPress · Page/Post Clone
Name of the Vulnerable Software and Affected Versions: Page and Post Clone plugin for WordPress versions up to, and including, 6.0 Description: The issue allows authenticated attackers with Author-level access and above to clone and read private posts due to missing validation on a user-controlle...
HestiaCP Security Vulnerabilities
HestiaCP is a lightweight and powerful control panel for modern networks. A security vulnerability exists in HestiaCP versions prior to 1.8.9, which stems from an insufficient privilege restriction issue...
PT-2023-27335 · Unknown · Welcart E-Commerce
Name of the Vulnerable Software and Affected Versions: Welcart e-Commerce versions 2.7 to 2.8.21 Description: The issue allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory. Recommendations: For Welcart e-Commerce versions 2.7 to 2.8.21, consider...
PT-2023-25084 · Open Automation · Open Automation Software OAS Platform
Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 18.00.0072 Description: An improper resource allocation issue exists in the OAS Engine configuration management functionality. A specially crafted series of network requests can lead to the creati...
PT-2023-25320 · Stormshield · Stormshield Endpoint Security Evolution
Name of the Vulnerable Software and Affected Versions: Stormshield Endpoint Security Evolution versions 2.0.0 through 2.3.2 Description: The issue allows an interactive user to create arbitrary files with local system privileges using the SES Evolution agent due to insecure permissions...
PT-2023-23299 · SAP · SAP BusinessObjects Business Intelligence Platform
Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform Central Management Service versions 420, 430 Description: The issue allows an attacker to access restricted information under certain conditions. Some users with specific privileges could hav...
SUSE CVE-2020-15238
Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any...
CVE-2022-26676
aEnrich a+HRD has inadequate privilege restrictions; an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service...
CVE-2022-26676
CVE-2022-26676 concerns the product aEnrich a+HRD. The vulnerability stems from inadequate privilege restrictions on an API function, enabling an unauthenticated remote attacker to upload and execute malicious scripts, potentially allowing control of the system or disruption of services. This al...
PT-2021-6811 · Yandex +1 · Yandex Browser +1
Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to v20.8.18.32-lts ClickHouse versions prior to v21.1.9.41-stable ClickHouse versions prior to v21.2.9.41-stable ClickHouse versions prior to v21.3.6.55-lts ClickHouse versions prior to v21.4.3.21-stable Yandex Brows...
PT-2020-11853 · Apple · macOS Big Sur +1
Name of the Vulnerable Software and Affected Versions: macOS Big Sur versions prior to 11.0.1 Description: A logic issue was addressed with improved state management, allowing a sandboxed process to potentially circumvent sandbox restrictions. Recommendations: For macOS Big Sur versions prior to...
CVE-2020-12850
The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF such as version 2.0.3 have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the...
PT-2020-13118
Name of the Vulnerable Software and Affected Versions: G.SKILL Trident Z Lighting Control versions 1.00.08 and earlier Description: The issue allows local non-privileged users to access sensitive operations, including mapping and un-mapping of physical memory, reading and writing to Model Specifi...