27 matches found
EUVD-2020-12567
Malware in sbrugna...
EUVD-2020-20543
Malware in sbrugna...
EUVD-2020-18192
Malware in sbrugna...
EUVD-2022-28523
Malicious code in bioql PyPI...
EUVD-2024-46526
Malicious code in bioql PyPI...
CVE-2024-6984
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm...
CVE-2024-6619
In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service...
CVE-2024-6619 Incorrect Permission Assignment for Critical Resource in Ocean Data Systems Dream Report
In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service...
CVE-2024-6619 Incorrect Permission Assignment for Critical Resource in Ocean Data Systems Dream Report
In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service...
GHSA-8C64-Q78Q-87R6 Duplicate Advisory: Juju leaks of the sensitive context ID
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6vjm-54vp-mxhx. This link has been maintained to preserve external references. Original Description An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local...
SUSE CVE-2022-1016
A flaw was found in the Linux kernel in net/netfilter/nftablescore.c:nftdochain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker...
DEBIAN-CVE-2022-1016
A flaw was found in the Linux kernel in net/netfilter/nftablescore.c:nftdochain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker...
CVE-2021-25987
Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code...
CVE-2021-31153
please before 0.4 allows a local unprivileged attacker to gain knowledge about the existence of files or directories in privileged locations via the searchpath function, the --check option, or the -d option...
CVE-2021-31153
please before 0.4 allows a local unprivileged attacker to gain knowledge about the existence of files or directories in privileged locations via the searchpath function, the --check option, or the -d option...
CVE-2020-25507
An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user is instructed to set the system enviroment file with world writable permissions 0777...
Code injection
An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user is instructed to set the system enviroment file with world writable permissions 0777...
Design/Logic Flaw
A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a malicious App, to read & write to the /data/vendor/tcl, /data/vendor/upgrade, and...
PT-2020-16915
Name of the Vulnerable Software and Affected Versions TCL Android Smart TV series V8-R851T02-LF1 versions V295 and below TCL Android Smart TV series V8-T658T01-LF1 versions V373 and below Description A local unprivileged attacker, such as a malicious App, can read and write to the /data/vendor/tc...
CVE-2020-1712
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by...