EUVD-2025-209298

A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected...

Incorrect Default Permissions

Amendment This was deemed not a vulnerability. Overview ansible is a simple IT automation system. Affected versions of this package are vulnerable to Incorrect Default Permissions via excessive group-writable permissions on the /etc/passwd file during the build process. An attacker can gain full...

CVE-2020-24717

OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777...

CVE-2025-57848 Container-native-virtualization: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

EUVD-2019-9157

Malware in sbrugna...

EUVD-2020-17428

Malware in sbrugna...

EUVD-2024-33482

Malicious code in bioql PyPI...

CVE-2024-56972

An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user information via supplying a crafted link...

CVE-2024-50350 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This vulnerability results...

PT-2022-23764 · Grommunio · Gromox

Name of the Vulnerable Software and Affected Versions: Grommunio Gromox versions 0.5 through 1.x before 1.28 Description: The issue is related to weak permissions on the configuration file in the PAM module, allowing a local unprivileged user in the gromox group to execute arbitrary code upon...

CVE-2020-25716

A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest...

CVE-2020-4700

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077...

CVE-2019-19539

An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the...

Moodle Information Disclosure Vulnerability (CNVD-2017-27603)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. An information disclosure vulnerability exists in version 3.x of Moodle. An attacker...

CVE-2010-3195

Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service trap via vectors involving "special group and user enumeration."...

Linux PAM 0.77 - Pam_Wheel Module 'getlogin() Username' Spoofing Privilege Escalation

source: https://www.securityfocus.com/bid/7929/info A vulnerability has been discovered in the Linux-Pam pamwheel module. The problem exists in the way the module authenticates users under certain configurations. Specifically, if the module is configured to allow wheel group members to use the 's...