44 matches found
CVE-2026-7573
Velocidex Velociraptor (GetUserRoles gRPC API) is affected in versions below 0.76.5, due to an authorization bypass (CWE-639) that allows any authenticated low-privilege user to retrieve the complete ACL policy (roles/permissions) for any user across all organizations by supplying specific Name a...
CVE-2026-7573 GetUserRoles API endpoint allows any authenticated user to enumerate ACL policies across all organizations
An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...
Velocidex Velociraptor 安全漏洞
Velocidex Velociraptor is a tool developed by Velocidex Australia that uses the Velociraptor Query Language VQL to retrieve host-based status information. Versions of Velocidex Velociraptor prior to 0.76.5 contained a security vulnerability. This vulnerability stemmed from an authorization bypass...
CVE-2026-30783
CVE-2026-30783 affects rustdesk-client across Windows, macOS, Linux, iOS, Android, and WebClient up to version 1.4.5. The issue is tied to client signaling, API sync loop, and config handling, specifically in src/rendezvous_mediator.Rs and src/hbbs_http/sync.Rs. Root cause details and exact explo...
CVE-2026-30783 RustDesk Client Can Orphan API Channel to Ignore All Admin Commands and ACL Policies
A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Client signaling, API sync loop, config management modules allows Privilege Abuse. This vulnerability is associated with program files src/rendezvousmediator.Rs, src/hbbshttp/sync....
EUVD-2014-0262
Malware in sbrugna...
EUVD-2021-2560
Malware in sbrugna...
EUVD-2025-16313
Malicious code in bioql PyPI...
EUVD-2023-2015
Malicious code in bioql PyPI...
EUVD-2023-2141
Malicious code in bioql PyPI...
CVE-2025-2826
n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to...
CVE-2025-2826
n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to...
CVE-2025-2826
CVE-2025-2826 affects Arista EOS platforms where IPv4/ MAC / IPv6 ingress ACLs may not be enforced on one or more interfaces, leading to ingress packets being incorrectly allowed or denied. The Arista advisory notes the issue exists in EOS train 4.33.x, with fixed releases including 4.33.2.1F, 4....
CVE-2025-2826 n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets.
n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to...
CVE-2023-3072
HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11...
BIT-VAULT-2021-43998
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault...
Nomad ACL Policies without Label are Applied to Unexpected Resources
A vulnerability was identified in Nomad, an ACL policy using a block without label may be applied to unexpected resources. This vulnerability, CVE-2023-3072, affects Nomad from 0.7 up to 1.5.6 and 1.4.10 and was fixed in 1.6.0, 1.5.7, and 1.4.11...
CVE-2023-3299
HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11...
CVE-2023-3072
HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11...
UBUNTU-CVE-2023-3299
HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11...