
7 matches found

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2024-24355

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 6.6 | EPSS 0.00056
Exploits: 0 | References: 1
FreeBSD
added 2024/12/30 12:0 a.m. | 7 views

webmin -- CGI Command Injection Remote Code Execution

Webmin reports: A less-privileged Webmin user can execute commands as root via a vulnerability in the shell autocomplete feature...

CVSS 9.9 | AI score 9.8 | EPSS 0.21717
Exploits: 0 | References: 2
Cvelist
added 2024/03/20 6:11 p.m. | 17 views

CVE-2024-27105 Frappe File Permissions can be bypassed using certain endpoints

Frappe is a full-stack web application framework. Prior to versions 14.66.3 and 15.16.0, file permission can be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. Versions 14.66.3 and 15.16.0 contain a patch for this issue. No known workarounds...

CVSS 8.1 | AI score 8.1 | EPSS 0.00056
Exploits: 0 | References: 1
CVE
added 2024/03/20 6:11 p.m. | 51 views

CVE-2024-27105

CVE-2024-27105 affects Frappe before versions 14.66.3 and 15.16.0. The issue allows bypassing file permissions via certain endpoints, enabling less-privileged users to delete or clone files. A patch is included in 14.66.3 and 15.16.0. No workarounds are documented. Remediate by upgrading to 14.66...

CVSS 8.1 | AI score 8 | EPSS 0.00056
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/08/03 3:15 a.m. | 18 views

Authentication flaw

In Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificate attributes and public keys to unauthenticated or less privileged users may...

CVSS 6.4 | AI score 7.9 | EPSS 0.00101
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2022/06/03 5:15 p.m. | 4 views

MGASA-2022-0216 Updated webmin packages fix security vulnerability

Less privileged Webmin users, excluding those created by Virtualmin and Cloudmin, can modify arbitrary files with root privileges, and so run commands as root (CVE-2022-30708)...

CVSS 8.8 | AI score 8.7 | EPSS 0.04705
Exploits: 1 | References: 4
NVD
added 2020/11/19 6:15 p.m. | 6 views

CVE-2020-12510

The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist, it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for...

CVSS 7.3 | AI score 7.2 | EPSS 0.00208
Exploits: 0 | References: 1