GHSA-XG9X-H37W-H3R3 ezsystems/ezpublish-legacy has a SQL injection in dfscleanup

NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...

ezsystems/ezpublish-legacy has a SQL injection in dfscleanup

NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...

PT-2026-45006

NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...

CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

EUVD-2019-4994

Malware in sbrugna...

CVE-2025-34200

Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA and SaaS deployments provision the appliance with the network account credentials in clear-text inside /etc/issue, and the file is world-readable by default. An attacker with local shell access can read /etc/issue to...

CVE-2025-34200 Vasion Print (formerly PrinterLogic) Network Account Password Stored in Cleartext

Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA and SaaS deployments provision the appliance with the network account credentials in clear-text inside /etc/issue, and the file is world-readable by default. An attacker with local shell access can read /etc/issue to...

CVE-2019-13539

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based...

CVE-2022-45095

Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, informati...

CVE-2022-45095

Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, informati...

Command injection

Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, informati...

CVE-2022-45095

Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, informati...

CVE-2022-45095

Dell PowerScale OneFS (versions 8.2.x–9.4.x) contains a command-injection vulnerability where an authenticated user with local shell access and the ability to gather logs could execute arbitrary commands, potentially causing DoS, information disclosure, and data deletion. Root cause cited in mult...

PT-2022-6375 · Dell · Dell Powerscale Onefs

Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 8.2.x through 9.4.x Description: The issue is related to a command injection vulnerability. An authenticated user with access to the local shell and the privilege to gather logs from the cluster could potentiall...

PYSEC-2022-210

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an...

CVE-2022-22967

Removed by vendor...

Authorization Bypass

clamav is vulnerable to authorization bypass. The vulnerability exists as a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could...

CVE-2020-3350 Cisco AMP for Endpoints and ClamAV Privilege Escalation Vulnerability

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. A...

Valleylab FT10 and Valleylab FX8 Input Validation Error Vulnerability

The Medtronic Valleylab FT10 and Valleylab FX8 are both power supply devices for the medical industry from Medtronic. An input validation error vulnerability exists in the Valleylab FT10 and Valleylab FX8, which can be exploited by an attacker to gain local shell access...

CVE-2019-13539

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based...