128 matches found
CVE-2025-7044
An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the issuperuser property set to true. The server improperly validates this input, allowing the attacker to...
CVE-2025-7044
An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the issuperuser property set to true. The server improperly validates this input, allowing the attacker to...
CVE-2025-7044 Privilege Escalation in MAAS via Websocket Request Manipulation
An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the issuperuser property set to true. The server improperly validates this input, allowing the attacker to...
CVE-2025-7044 Privilege Escalation in MAAS via Websocket Request Manipulation
An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the issuperuser property set to true. The server improperly validates this input, allowing the attacker to...
PT-2025-48821
Name of the Vulnerable Software and Affected Versions MAAS affected versions not specified Description An improper input validation issue exists in the user websocket handler. An authenticated, unprivileged attacker can intercept a user.update websocket request and modify the is superuser propert...
Canonical MAAS 安全漏洞
Canonical MAAS is a Canonical open source software for large-scale physical server management and automated deployment. A security vulnerability exists in Canonical MAAS that stems from improper validation of user websocket handler input, which could result in an authenticated, low-privileged...
EUVD-2025-143158
Malicious code in buis-maas-maidafi npm...
Malicious code in buis-maas-maidafi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 177b2a004879d9bb6b71ffbc4a579acabcf7001bc6dacd56075695c9cd2ced08 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers
Cybersecurity researchers have disclosed details of a new Android remote access trojan RAT called Fantasy Hub that's sold on Russian-speaking Telegram channels under a Malware-as-a-Service MaaS model. According to its seller, the malware enables device control and espionage, allowing threat actor...
Stealit Malware Using Node.js to Hide in Fake Game and VPN Installers
Fortinet warns of Stealit, a MaaS infostealer, now targeting Windows systems and evading detection by using Node.js’s SEA feature while hiding in fake game and VPN installers...
EUVD-2014-1502
Malware in sbrugna...
EUVD-2013-1097
Malware in sbrugna...
EUVD-2014-1504
Malware in sbrugna...
EUVD-2014-1503
Malware in sbrugna...
EUVD-2013-1098
Malware in sbrugna...
EUVD-2015-1461
Malware in sbrugna...
EUVD-2024-54803
Malicious code in bioql PyPI...
Security update for cloud-init
This update for cloud-init fixes the following issues: Update to version 25.1.3 bsc1245401,bsc1245403: docs: provide example3 for PAM and sshpwauth behavior 27 fix: Make hotplug socket writable only by root 25 CVE-2024-11584 fix: Don't attempt to identify non-x86 OpenStack instances LP: 2069607...
Linux Distros Unpatched Vulnerability : CVE-2024-6107
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been...
CVE-2024-6107
Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps...