
17 matches found

EUVD
added 2026/04/09 12:32 a.m. | views: 1

EUVD-2026-20795

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...

CVSS 4.3 | AI score 5.9 | EPSS 0.00011
Exploits: 0 | References: 4
Positive Technologies
added 2025/12/17 12:0 a.m. | views: 3

PT-2025-51973

Name of the Vulnerable Software and Affected Versions Open OnDemand versions prior to 4.1 Description Open OnDemand provides remote web access to supercomputers. The Apache proxy in versions 4.0.8 and earlier allows sensitive headers to be passed to origin servers. This could allow malicious user...

CVSS 7.6 | AI score 6.5 | EPSS 0.00035
Exploits: 0 | References: 5
Vulnrichment
added 2025/05/15 3:27 p.m. | views: 8

CVE-2025-2570 System Admin Cannot Access Environment settings in System Console While System Manager Can

Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check RestrictSystemAdmin setting if user doesn't have access to ExperimentalSettings which allows a System Manager to access ExperimentSettings when RestrictSystemAdmin is true via System Console...

CVSS 2.7 | AI score 3.8 | EPSS 0.00217
Exploits: 0 | References: 1
CVE
added 2025/05/15 3:27 p.m. | views: 24

CVE-2025-2570

Mattermost CVE-2025-2570 affects Mattermost Server versions 10.5.x ≤ 10.5.3 and 9.11.x ≤ 9.11.11. Root cause: the system fails to enforce RestrictSystemAdmin when a user lacks access to ExperimentalSettings, allowing a System Manager to access ExperimentSettings via the System Console. Impact: ex...

CVSS 2.7 | AI score 3.6 | EPSS 0.00217
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2022/01/28 8:15 p.m. | views: 1

CVE-2022-23727

There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege...

CVSS 7.8 | AI score 7.1 | EPSS 0.00134
Exploits: 0 | References: 2
OSV
added 2020/03/23 4:15 p.m. | views: 1

DEBIAN-CVE-2020-9759

A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files...

CVSS 7.8 | AI score 7.3 | EPSS 0.00157
Exploits: 1 | References: 1
Tenable Nessus
added 2019/08/12 12:0 a.m. | views: 38

NewStart CGSL MAIN 4.05 : openssh Multiple Vulnerabilities (NS-SA-2019-0139)

The remote NewStart CGSL host, running version MAIN 4.05, has openssh packages installed that are affected by multiple vulnerabilities: - A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use th...

CVSS 7.8 | AI score 7.1 | EPSS 0.90046
Exploits: 12 | References: 3
OSV
added 2018/12/29 10:20 a.m. | views: 5

OPENSUSE-SU-2018:4302-1 Security update for go

This update for go fixes the following issues: - golang: arbitrary command execution via VCS path bsc1081495, CVE-2018-7187 - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely because GOPATH i...

CVSS 9.3 | AI score 9.2 | EPSS 0.07587
Exploits: 1 | References: 5
Kitploit
added 2017/02/06 2:30 p.m. | views: 39

WMD (Weapon of Mass Destruction) - Python framework for IT security tools

This is a python tool with a collection of IT security software. The software is encapsulated in "modules". The modules consist of pure python code and/or external third programs. Main functions 1 To use a module, run the command "use modulecall", e.g. "use apsniff", to activate the module. ...

AI score 8.2
Exploits: 0 | References: 1
Tenable Nessus
added 2016/11/28 12:0 a.m. | views: 43

CentOS 7 : openssh (CESA-2016:2588)

An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 7.8 | AI score 7.7 | EPSS 0.00079
Exploits: 0 | References: 2
OpenVAS
added 2015/09/08 12:0 a.m. | views: 18

Amazon Linux: Security Advisory (ALAS-2012-128)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.9 | AI score 5.1 | EPSS 0.36149
Exploits: 4 | References: 2
Tenable Nessus
added 2013/09/04 12:0 a.m. | views: 34

Amazon Linux AMI : dbus (ALAS-2012-128)

It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, by setting specific environment variables before running a setuid or setgid application linked against the...

CVSS 6.9 | AI score 6.8 | EPSS 0.36149
Exploits: 4 | References: 2
Amazon
added 2012/09/22 12:0 a.m. | views: 34

Medium: dbus

Issue Overview: It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, by setting specific environment variables before running a setuid or setgid application...

CVSS 6.9 | AI score 7.2 | EPSS 0.36149
Exploits: 4 | References: 1
OpenVAS
added 2012/09/17 12:0 a.m. | views: 37

CentOS Update for dbus CESA-2012:1261 centos6

Check for the Version of dbus OpenVAS Vulnerability Test CentOS Update for dbus CESA-2012:1261 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 6.9 | AI score 5.6 | EPSS 0.36149
Exploits: 4 | References: 2
Tenable Nessus
added 2012/09/15 12:0 a.m. | views: 25

Scientific Linux Security Update : dbus on SL6.x i386/x86_64 (20120913)

It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, by setting specific environment variables before running a setuid or setgid application linked against the...

CVSS 6.9 | AI score 6.9 | EPSS 0.36149
Exploits: 4 | References: 2
securityvulns
added 2009/01/30 12:0 a.m. | views: 170

Oracle Application Server Portal 10g Cross Site Scripting Vulnerability

OracleAS Portal is a Web-based application for building and deploying portals. It provides a secure, manageable environment for accessing and interacting with enterprise software services and information resources. A vulnerability has been identified in Oracle Application Server 10g, This could b...

AI score 1
Exploits: 0
Packet Storm
added 1999/11/11 12:0 a.m. | views: 17

nostalgic-advisory-1999-01.txt

------ ADVISORY ------------------------------------ 1999-01 ------ XITAMI WEBSERVER SHIPS WITH TESTCGI.EXE ------ nostalgic ------------------- [email protected] ------ 1 / PRODUCT INFORMATION Product name: XITAMI WEB SERVER Creators: IMATIX URL: http://www.imatix.com/html/xitami 2 / PROBL...

AI score 7.4
Exploits: 0