4 matches found
CVE-2025-50691
The MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data, including tokens and terminal content, is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation...
SUSE CVE-2017-9792
In Apache Impala incubating before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works...
CVE-2024-37285
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges...
PT-2019-4664 · Todd Miller +4 · Sudo +4
Name of the Vulnerable Software and Affected Versions: Sudo versions 1.8.29 and earlier
Description: The issue is related to the sudoer account with Runas ALL privileges, allowing an attacker to impersonate a nonexistent user by invoking sudo with a numeric uid not associated with any user. This...