17 matches found
EUVD-2024-50370
Malicious code in bioql PyPI...
Micronaut Framework Security Vulnerability
Micronaut Framework is a modern full-stack Java framework based on the JVM from the Micronaut Foundation. A security vulnerability exists in Micronaut Framework versions prior to 3.8.3 that stems from an enabled but insecure management endpoint that is vulnerable to local host attacks...
A vulnerability in Windows Mobile Device Management for Windows operating systems allows attackers to escalate their privileges.
The vulnerability in Windows Mobile Device Management for Windows operating systems stems from insecure privilege management. Exploiting it can allow attackers to escalate their privileges...
A vulnerability in ESET Server Security, ESET Endpoint Antivirus, and ESET Cyber Security stems from insecure privilege management and allows attackers to elevate their privileges to the root level.
The vulnerability in ESET Server Security, ESET Endpoint Antivirus, ESET Cyber Security, and ESET Endpoint Antivirus stems from insecure privilege management. Exploiting it can allow attackers to elevate their privileges to the root level...
Insufficient Session Expiration
admidio/admidio is vulnerable to insecure session management. The vulnerability exists due to insufficient sanitization in session expiration in the refreshAutoLogin function in the Session.php file leading to user account compromise...
A vulnerability in the Windows System Launcher component of the Windows operating system allows an attacker to gain elevated privileges.
The vulnerability in the Windows System Launcher component of the Windows operating system stems from insecure privilege management. Exploiting it can allow an attacker to escalate their privileges...
A vulnerability in Visual Studio Code's source editor stems from insecure handling of privileges and allows attackers to elevate their privileges.
The vulnerability in Visual Studio Code's source editor stems from insecure privilege management. Exploiting it could allow an attacker to escalate their privileges...
PT-2021-7281 · Apple · Apple macOS
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 12.0.1. Description: A logic issue was addressed with improved state management, which could allow a malicious application to elevate privileges. The issue is related to insecure privilege management, potentially enabli...
Insecure Keys Management
github.com/google/exposure-notifications-server uses insecure key management. An attacker can re-publish imported keys before they have expired, allowing for potential replay of RPIs...
V-SOL OLTs Backdoor / Privilege Escalation
Hello, Please find a text-only version below sent to security mailing lists. The complete version on "Multiple vulnerabilities found in V-SOL OLTs" is posted here: https://pierrekim.github.io/blog/2020-07-14-v-sol-olt-0day-vulnerabilities.html === text-version of the advisory === -----BEGIN PGP...
CDATA OLTs Backdoor / Privilege Escalation / Information Disclosure Vulnerabilities
Various CDATA OLTs suffer from backdoor access with telnet, credential leaks, shell escape with root privileges, denial of service, and weak encryption algorithm vulnerabilities. Advisory Information Title: Multiple vulnerabilities found in CDATA OLTs Advisory URL:...
CDATA OLTs Backdoor / Privilege Escalation / Information Disclosure
Hello, Please find a text-only version below sent to security mailing lists. The complete version on "Multiple vulnerabilities found in CDATA OLTs" is posted here: https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html === text-version of the advisory === -----BEGIN PGP...
Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution Vulnerabilities
Zyxel CNM SecuManager versions 3.1.0 and 3.1.1 suffer from having hard-coded secrets, missing authentication, backdoors, and remote code execution vulnerabilities. Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution. The HTML version on "Multiple vulnerabilities found in Zyxe...
Flaws Riddle Zyxel’s Network Management Software
Security researchers are warning that networking hardware vendor Zyxel and its Cloud CNM SecuManager software is chock-full of unpatched vulnerabilities that kick open the doors for hackers to exploit. In all, researchers have identified 16 vulnerabilities, ranging from multiple backdoors and...
A vulnerability in the Linux Administrative Tools for Intel Network Adapters software stems from insecure privilege management and allows an attacker to escalate their privileges.
The vulnerability in the Linux Administrative Tools for Intel Network Adapters software stems from insecure privilege management. Exploiting it could allow an attacker to escalate their privileges...
ZTE ADSL ZXV10 W300 Modems - Multiple Vulnerabilities
Exploit for hardware platform in category web applications. Exploit Title: ZTE ADSL ZXV10 W300 modems - Multiple vulnerabilities; Discovered by: Karn Ganeshen; Vendor Homepage: www.zte.com.cn; Versions Reported: W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57; CVE-ID: CVE-2015-7257, CVE-2015-7258...
PicsArt Photo Studio For Android Insecure Management
Fundación Dr. Manuel Sadosky - Programa STIC Advisory. http://www.fundacionsadosky.org.ar. Insecure management of login credentials in PicsArt Photo Studio for Android. 1. Advisory Information. Title: Insecure management of login credentials in PicsArt...