18 matches found
SUSE CVE-2024-3220
There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the...
CVE-2026-2123
A security audit identified a privilege escalation vulnerability in Operations Agent=OA 12.29 on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability...
CVE-2026-2123
A security audit identified a privilege escalation vulnerability in Operations Agent=OA 12.29 on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability...
CVE-2026-2123
CVE-2026-2123 describes a local privilege escalation in Windows where the Operations Agent (versions
CVE-2026-2123 Privilege escalation vulnerability in Operations Agent
A security audit identified a privilege escalation vulnerability in Operations Agent=OA 12.29 on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability...
CVE-2026-2123
A security audit identified a privilege escalation vulnerability in Operations Agent=OA 12.29 on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability...
CVE-2026-2123 Privilege escalation vulnerability in Operations Agent
A security audit identified a privilege escalation vulnerability in Operations Agent=OA 12.29 on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability...
OpenText Operations Agent 安全漏洞
OpenText Operations Agent is a software developed by OpenText Corporation in Canada, used for managing and monitoring OpenText products and solutions. Versions of OpenText Operations Agent prior to 12.29 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of...
PT-2026-29297
A security audit identified a privilege escalation vulnerability in Operations Agent=OA 12.29 on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability...
RUSTSEC-2025-0139 theshit vulnerable to unsafe loading of user-owned Python rules when running as root
The application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when executed with elevated privileges. If the tool is invoked with sudo or otherwise runs with an effective UID of root, it continues...
CVE-2025-64185
Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, Open OnDemand packages create world writable locations in the GEMPATH. Open OnDemand versions 4.0.8 and 3.1.16 have been patched for this vulnerability...
PT-2025-47607
Name of the Vulnerable Software and Affected Versions Open OnDemand versions prior to 4.0.8 Open OnDemand versions prior to 3.1.16 Description Open OnDemand packages create world writable locations in the GEM PATH prior to versions 4.0.8 and 3.1.16. This could allow unauthorized modification of...
CVE-2025-57176
CVE-2025-57176 affects Siklu EtherHaul EH-8010EH-1200 devices (firmware 7.4.0–10.7.3). The rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location. Uploads use weak encryption (metadata only) with file contents in cleartext and no authentication or path valida...
BIT-PYTHON-2024-3220
There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the...
CVE-2024-3220
There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the...
PT-2024-24613 · Znuny +1 · Znuny +1
Name of the Vulnerable Software and Affected Versions: Znuny versions 6.0.31 through 6.5.7 Znuny versions 7.0.1 through 7.0.16 Description: An issue allows a logged-in user to upload a file to an arbitrary writable location by traversing paths via a manipulated AJAX request. If this location is...
Microsoft Windows - 'CmpAddRemoveContainerToCLFSLog' Arbitrary File/Directory Creation
Windows: CmpAddRemoveContainerToCLFSLog Arbitrary File/Directory Creation EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The kernel’s CmpAddRemoveContainerToCLFSLog function doesn’t...
Debian Security Advisory DSA 079-2 (uucp)
The remote host is missing an update to uucp announced via advisory DSA 079-2. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...