39 matches found
SUSE-SU-2026:21432-1 Security update for ntfs-3g_ntfsprogs
This update for ntfs-3g_ntfsprogs fixes the following issue: - CVE-2026-40706: heap buffer overflow in ntfs_build_permissions_posix in acls.c (bsc#1262216)...
CVE-2026-24413
CVE-2026-24413 involves the Icinga 2 Windows ACL issue where the folder at C:\ProgramData\icinga2\var could be readable by all local users, potentially exposing the private key and synced configuration. Affected range: Icinga 2 versions starting with 2.3.0 up to 2.13.14, 2.14.8, and 2.15.2 (these...
PT-2026-5318
The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows certificate directory grant every user read access, which results in...
CVE-2025-12100
CVE-2025-12100 affects MongoDB BI Connector ODBC driver versions 1.0.0–1.4.6, due to an incorrectly set default privilege that enables local privilege escalation. The issue is documented across multiple sources (including Red Hat and OSV entries) with the same description. A fix appears in v1.4.7...
CVE-2025-11575 MongoDB Atlas SQL ODBC driver installation via MSI may leave ACLs unset on custom installation directories
Incorrect Default Permissions vulnerability in MongoDB Atlas SQL ODBC driver on Windows allows Privilege Escalation. This issue affects MongoDB Atlas SQL ODBC driver: from 1.0.0 through 2.0.0...
Unity Linux 20.1070e Security Update: libvirt (UTSA-2025-680657)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680657 advisory. An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked...
EUVD-2024-0275
Malicious code in bioql PyPI...
CVE-2023-26490
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to...
AMD Management Plugin for SCCM Incorrect Default Permissions Vulnerability
Bulletin ID: AMD-SB-9005. Potential Impact: Incorrect Default Permissions Leading to Arbitrary Execution. Severity: High. Summary: An incorrect default permissions vulnerability is identified within the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM). The plugin is...
Ryzen™ Master Monitoring SDK & AMD Ryzen™ Master Utility Incorrect Default Permission Vulnerabilities
Bulletin ID: AMD-SB-9004. Potential Impact: Incorrect Default Permissions Leading to Arbitrary Execution. Severity: High. Summary: The AMD Ryzen™ Master Monitoring SDK is a public distribution that is designed to allow software developers to add processor and memory functions to their own utilities...
AMD Provisioning Console Incorrect Default Permissions Vulnerability
Bulletin ID: AMD-SB-9007. Potential Impact: Incorrect Default Permissions Leading to Arbitrary Execution. Severity: High. Summary: A researcher reported an incorrect default permissions vulnerability within the AMD Provisioning Console Software. The researcher’s report noted that AMD Provisioning...
GHSA-6M72-467W-94RH Privilege Escalation in HashiCorp Consul
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6...
CVE-2022-4149
The Netskope client service prior to R96 on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory C:\Users\Public\netSkope for a standard user. The files are created and written with a SYSTEM account except one file logplaceholder which inherits permission giving all...
CVE-2022-4149 Local privilege escalation using log file
The Netskope client service prior to R96 on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory C:\Users\Public\netSkope for a standard user. The files are created and written with a SYSTEM account except one file logplaceholder which inherits permission giving all...
Denial Of Service (DoS)
libvirt.so is vulnerable to denial of service (DoS) attacks. The locked virStoragePoolObj object in the storagePoolLookupByTargetPath function is not properly released on ACL permission failures which allows clients connected to the read-write socket with limited ACL permissions to acquire the lock...
PT-2022-7701 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.7.2; macOS versions prior to 12.6.2; macOS versions prior to 13. Description: A logic issue was addressed with improved checks, allowing an app to bypass Gatekeeper checks. The Gatekeeper function automatically checks...
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2022-2045)
The remote host is missing an update for the Huawei EulerOS...
CVE-2021-3667
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...