12 matches found

RedhatCVE
added 2025/12/13 8:2 p.m., 3 views

CVE-2024-58305

WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an...

CVSS 8.8, AI score 6.1, EPSS 0.00366
Exploits 0, References 1
Positive Technologies
added 2025/09/15 12:0 a.m., 3 views

PT-2025-37571

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified).
Description: A memory leak was identified in the vkms init function within the kernel's drm/vkms module. This leak occurs when the vkms create function fails, but the memory allocated for config...

AI score 6.1, EPSS 0.00145
Exploits 0, References 6
BDU FSTEC
added 2025/06/17 12:0 a.m., 4 views

The vulnerability in Mendix Studio Pro, a visual integrated development environment for creating applications, arises from improper restriction of a pathname to a restricted directory. This allows attackers to write arbitrary files.

The vulnerability in Mendix Studio Pro, a visual integrated development environment for creating applications, is related to improper restriction of a pathname to a restricted directory during module installation. Exploiting this vulnerability allows a malicious actor to write arbitrary files...

CVSS 6.1, AI score 5.6, EPSS 0.00395
Exploits 0, References 2, Affected Software 1
SUSE CVE
added 2023/02/15 4:53 a.m., 2 views

SUSE CVE-2016-10345

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user...

CVSS 7.8, AI score 6.8, EPSS 0.00464
Exploits 0, References 4
SUSE CVE
added 2023/02/15 4:43 a.m., 4 views

SUSE CVE-2017-10689

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability...

CVSS 5, AI score 8.9, EPSS 0.00363
Exploits 0, References 5
Veracode
added 2021/06/08 4:12 a.m., 25 views

Arbitrary File Write

calipso is vulnerable to arbitrary file write. A malicious module can overwrite files on an arbitrary file system through the module install functionality...

CVSS 7.5, AI score 2.9, EPSS 0.00677
Exploits 0, References 2, Affected Software 1
OSV
added 2021/06/07 9:15 p.m., 3 views

CVE-2021-23391

This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality...

CVSS 7.1, AI score 5.9, EPSS 0.00433
Exploits 1, References 2
Prion
added 2021/06/07 9:15 p.m., 10 views

Design/Logic Flaw

This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality...

CVSS 3.6, AI score 6.9, EPSS 0.00433
Exploits 1, References 2
ATTACKERKB
added 2021/06/07 8:37 p.m., 2 views

CVE-2021-23391

This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality...

CVSS 7.3, AI score 5.5, EPSS 0.00433
Exploits 1, References 3
RedHat Linux
added 2020/09/01 7:32 p.m., 97 views

Important: Red Hat Security Advisory: Ansible security and bug fix update (2.8.15)

An update for ansible is now available for Ansible Engine 2.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 7.1, AI score 6.9, EPSS 0.00568
Exploits 2, References 2
NVD
added 2018/02/09 8:29 p.m., 20 views

CVE-2017-10689

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability...

CVSS 5.5, AI score 5.8, EPSS 0.00363
Exploits 0, References 3
CVE
added 2018/02/09 8:0 p.m., 126 views

CVE-2017-10689

CVE-2017-10689 affects Puppet-related tarball handling. According to connected advisories, Puppet could install modules with insecure permissions when unpacking tarballs, potentially enabling local code execution. Root cause: tar/mini.rb unpacking may preserve or impose unsafe permissions from th...

CVSS 5.5, AI score 5.5, EPSS 0.00363
Exploits 0, References 3, Affected Software 2