
18 matches found

OSV
added 2026/05/15 11:2 a.m. | 3 views

CLSA-2026-1778838399 golang: Fix of CVE-2026-32282

CVE-2026-32282: fix TOCTOU race in os.Root.Chmod on Linux that allowed symlink-based escapes from the restricted root by switching to fchmodat2 with /proc/self/fd fallback...

CVSS 6.4 | AI score 7.1 | EPSS 0.0001
Exploits: 0 | References: 1
OSV
added 2026/05/14 6:25 p.m. | 3 views

GHSA-QW64-3X98-G7Q2 go-billy has path traversal vulnerabilities

Impact: Multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcement may allow crafted paths (e.g., using ..) to escape intended base directories. While go-billy was not originally designed to provide a strong security boundary...

CVSS 8.1 | AI score 5.8 | EPSS 0.00059
Exploits: 0 | References: 4
Positive Technologies
added 2026/05/14 12:0 a.m. | 7 views

PT-2026-41151

Name of the Vulnerable Software and Affected Versions: go-billy versions prior to 5.9.0. Description: Multiple path traversal issues exist across different components of the software due to insufficient path sanitization and boundary enforcement. This allows crafted paths, such as those using .., to...

CVSS 8.1 | AI score 5.8 | EPSS 0.00059
Exploits: 0 | References: 6
Vulnrichment
added 2026/02/04 11:5 p.m. | 4 views

CVE-2025-22873 Improper access to parent directory of root in os

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained with...

AI score 5.4 | EPSS 0.00003
Exploits: 0 | References: 4
Positive Technologies
added 2026/02/04 12:0 a.m. | 1 views

PT-2026-6522

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained with...

AI score 5.5
Exploits: 0 | References: 4
CNNVD
added 2026/02/04 12:0 a.m. | 4 views

Google Go security vulnerability

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the ability to improperly access the parent directory of os.Root by opening files wi...

CVSS 3.8 | AI score 5.8 | EPSS 0.00003
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2016-7325

Malware in sbrugna...

CVSS 7.8 | AI score 7.7 | EPSS 0.00083
Exploits: 0 | References: 4
NVD
added 2025/06/13 12:15 a.m. | 8 views

CVE-2025-4231

A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access...

CVSS 8.6 | EPSS 0.00639
Exploits: 0 | References: 1
Vulnrichment
added 2025/05/21 11:39 a.m. | 5 views

CVE-2025-48413 Hard-coded OS root credentials in eCharge Hardy Barth cPH2 / cPP2 charging stations

The /etc/passwd and /etc/shadow files reveal hard-coded password hashes for the operating system "root" user. The credentials are shipped with the update files. There is no option for deleting or changing their passwords for an enduser. An attacker can use the credentials to log into the device...

AI score 7 | EPSS 0.00078
Exploits: 1 | References: 1
CVE
added 2025/05/21 11:39 a.m. | 46 views

CVE-2025-48413

CVE-2025-48413 affects the eCharge Hardy Barth cPH2 and cPP2 charging stations. The root cause is hard-coded password hashes stored in the system files /etc/passwd and /etc/shadow that are shipped with update files. This allows an attacker to log into the device, potentially via an SSH backdoor o...

CVSS 7.7 | AI score 6.6 | EPSS 0.00078
Exploits: 1 | References: 2
Vulnrichment
added 2019/10/16 6:36 p.m. | 8 views

CVE-2019-15275 Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...

CVSS 6.7 | AI score 7.5 | EPSS 0.00084
Exploits: 0 | References: 1
NVD
added 2017/04/02 8:59 p.m. | 9 views

CVE-2016-8803

The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage...

CVSS 7.5 | AI score 7.5 | EPSS 0.00031
Exploits: 0 | References: 2
Cvelist
added 2017/04/02 8:0 p.m. | 11 views

CVE-2016-8803

The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage...

AI score 7.5 | EPSS 0.00031
Exploits: 0 | References: 2
CVE
added 2017/04/02 8:0 p.m. | 38 views

CVE-2016-8803

CVE-2016-8803 affects Huawei FusionStorage. The maintenance module in FusionStorage V100R003C30U1 allows a logged-in OS user to manipulate documents under specific rules to escalate to OS root privileges. Impact is privilege escalation with potential full control of the FusionStorage host; no exp...

CVSS 7.5 | AI score 7.4 | EPSS 0.00031
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2016/09/18 10:59 p.m. | 10 views

CVE-2016-6402

UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System UCS through 3.02d allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263...

CVSS 7.8 | AI score 7.4 | EPSS 0.00083
Exploits: 0 | References: 3
Prion
added 2016/09/18 10:59 p.m. | 14 views

Design/Logic Flaw

UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System UCS through 3.02d allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263...

CVSS 7.2 | AI score 6.8 | EPSS 0.00083
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2016/09/18 10:0 p.m. | 16 views

CVE-2016-6402

UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System UCS through 3.02d allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263...

AI score 7.5 | EPSS 0.00083
Exploits: 0 | References: 3
securityvulns
added 2011/08/01 12:0 a.m. | 53 views

SA500 vulnerabilities - details

Hi. Advisory by Cisco was published a few days ago, Bugtraq ID: 48810. Now more details: 1. Unauthenticated access to web management, any user - including admin. Due to blind SQLi in the login form of web management, port 443, https, login field, embedded sqlite DB, it is possible to obtain: a all...

AI score 7.1
Exploits: 0