43 matches found
EUVD-2025-35647
Uncaught Exception CWE-248 in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to vEL9.10.3672 MR7, 9.00 prior to...
CVE-2025-48430
Uncaught Exception CWE-248 in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to vEL9.10.3672 MR7, 9.00 prior to...
CVE-2025-41402
Client-Side Enforcement of Server-Side Security CWE-602 in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to...
CVE-2025-41402
Client-Side Enforcement of Server-Side Security CWE-602 in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to...
CVE-2025-35981
Exposure of Private Personal Information to an Unauthorized Actor CWE-359 in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view. This issue affects Command Centre Server: 9.30.1874 MR1, 9.20.2337...
CVE-2025-35981
Exposure of Private Personal Information to an Unauthorized Actor CWE-359 in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view. This issue affects Command Centre Server: 9.30.1874 MR1, 9.20.2337...
EUVD-2025-35651
Exposure of Private Personal Information to an Unauthorized Actor CWE-359 in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view. This issue affects Command Centre Server: 9.30.1874 MR1, 9.20.2337...
Gallagher Command Centre Server 安全漏洞
Gallagher Command Centre Server is a management system for monitoring and managing infrastructure in buildings from Gallagher New Zealand. A security vulnerability exists in Gallagher Command Centre Server versions 9.30.1874, 9.20.2337, and 9.10.3194, which stems from a privileged operator being...
Gallagher Command Centre Server 安全漏洞
Gallagher Command Centre Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A security vulnerability exists in Gallagher Command Centre Server that stems from improper enforcement of server-side security mechanisms on the client side,...
Gallagher Command Centre Server 安全漏洞
Gallagher Command Centre Server is a management system for monitoring and managing infrastructure in buildings from Gallagher New Zealand. A security vulnerability exists in Gallagher Command Centre Server that stems from an uncaught exception that could cause an authorized privileged operator to...
EUVD-2024-3134
Malicious code in bioql PyPI...
SUSE CVE-2025-5999
A privileged Vault operator with write permissions to the root namespace's identity endpoint could escalate their own or another user's token privileges to Vault's root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...
GO-2025-3858 Privileged OpenBao Operator May Execute Code on the Underlying Host in github.com/openbao/openbao
Privileged OpenBao Operator May Execute Code on the Underlying Host in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the audit subsystem when manipulating log prefixes. An attacker can execute unauthorized code and gain network access by bypassing intended restrictions on privileged API operators. Note: This is exploitable...
GHSA-MR4H-QF9J-F665 Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration
A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration
A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
CVE-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse
A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
Vault Root Namespace Operator May Elevate Token Privileges
Summary A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. This vulnerability, identified as CVE-2025-5999, is fixed in Vault Community Edition 1.20.0 and Vault Enterprise...
Vault Operators in Root Namespace May Elevate Their Privileges
Summary A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. This vulnerability, identified as CVE-2024-9180, is fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18....
PT-2024-7690 · Hashicorp +3 · Hashicorp Vault +4
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault versions prior to 1.18.0 HashiCorp Vault Enterprise versions prior to 1.18.0, 1.17.7, 1.16.11, and 1.15.16 Description: A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalat...