9 matches found
EUVD-2026-18450
listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...
CVE-2026-34584 listmonk: Broken Access Control in CSV Import (Unauthorized List Assignment)
listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...
EUVD-2021-14589
Malware in sbrugna...
DEBIAN-CVE-2025-9901
A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached content can be...
CVE-2021-27851
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...
CVE-2021-27851
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...
Design/Logic Flaw
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...
CVE-2021-27851 Local privilege escalation in GNU Guix via guix-daemon and '--keep-failed'
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...
CVE-2021-27851
CVE-2021-27851 affects the guix-daemon in multi-user setups. An unprivileged user can spawn a build (e.g., via guix build) that creates a world-writable build directory, then link a root-owned file (such as /etc/shadow). If the build later fails and the user used --keep-failed, the daemon can cha...