9 matches found
PT-2025-38611
Name of the Vulnerable Software and Affected Versions Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA and SaaS deployments affected versions not specified Description The Vasion Print Virtual Appliance Host and Application has overly-permissive filesystem permissions...
Medium: apr
Issue Overview: Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APRUSESHMEMSHMGET=1 apr...
Apache Portable Runtime (APR): Unexpected lax shared memory permissions
...
Fedora 40 : apr (2024-b40491b84b)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b40491b84b advisory. This update to the apr package fixes a security issue in the handling of shared memory permissions. SECURITY: CVE-2023-49582: Apache Portable Runtime APR:...
OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
Impact On a node controlled by an attacker or malicious user, the lax permissions configured on open-feature-operator-controller-manager can be used to further escalate the privileges of any service account in the cluster. The increased privileges could be used to modify cluster state, leading to...
PT-2023-22090 · Unknown · Openfeature Operator
Name of the Vulnerable Software and Affected Versions: OpenFeature Operator versions prior to 0.2.32 Description: The issue allows an attacker to escalate the privileges of any service account in the cluster, assuming the pre-existence of a vulnerability that enables arbitrary code execution. Thi...
DEBIAN-CVE-2018-12029
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
Design Vulnerability in Baidu Moplus SDK (WormHole Vulnerability)
The Moplus SDK is a public development kit developed in-house by Baidu, which is integrated into numerous Android applications. The "WormHole" vulnerability exists in Baidu's Moplus SDK, which is mainly used to enhance the expansion of Baidu's search engine in smart terminals, and to realize the...
Security Advisory FreeBSD-SA-02:25.bzip2
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:25 Security Advisory The FreeBSD Project Topic: bzip2 contains multiple security vulnerabilities Category: core/ports Module: bzip2 Announced: 2002-05-20 Credits: Volker...