18 matches found
EUVD-2025-209556
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to...
OpenClaw security vulnerability
OpenClaw is a command line tool for rights management. An improper access control vulnerability exists in OpenClaw versions prior to 2026.3.12, which stems from a lack of owner-level permission checking in the /config and /debug command handlers. An attacker can use this vulnerability to read or...
CVE-2025-14262
A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if they were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner...
EUVD-2025-201697
A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if they were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner...
CVE-2025-14262
KNIME Business Hub vulnerability CVE-2025-14262 affects KNIME Business Hub prior to 1.17.0. A wrong permission check allowed an authenticated user to save another user’s jobs as if owned by the job owner, potentially enabling saves into spaces where the attacker lacked write permissions. The atta...
CVE-2025-54970
BAE Systems SOCET GXP prior to version 4.6.0.2 contains a vulnerability in the Job Status Service where requests are not authenticated. In affected configurations, remote or local users may abort jobs or read information without the job owner’s permissions. The issue is documented across multiple...
EUVD-2018-5596
Malware in sbrugna...
EUVD-2021-27023
Malware in sbrugna...
EUVD-2010-3758
Malware in sbrugna...
EUVD-2025-7159
Malicious code in bioql PyPI...
DEBIAN-CVE-2024-36137
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors; however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to...
ALPINE-CVE-2024-36137
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors; however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to...
PT-2022-4713
Name of the Vulnerable Software and Affected Versions: SUSE Rancher versions prior to 2.6.7; SUSE Rancher versions prior to 2.5.16 Description: The issue is related to an Improper Authorization vulnerability in SUSE Rancher. It allows any user with permissions to create or edit cluster role template...
PT-2021-21685 · Canonical · Multipass
Name of the Vulnerable Software and Affected Versions: Multipass version 1.7.0 through 1.7.1 Description: The issue concerns the macOS version of Multipass, where the application directory was accidentally installed with incorrect owner permissions. Recommendations: For Multipass version 1.7.0 an...
openSUSE Security Update : inn (openSUSE-2020-1272)
This update for inn fixes the following issues : - change file owners in /usr/lib/news to root boo1172573 CVE-2020-8026 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2020-1272. The text description of...
Fedora 26 : community-mysql (2017-50c790aaed)
A quarter year regular dose of fixed CVE's. https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html . rhbz1497694 : Fix owner and perms on log file in post script CVE fixes: rhbz1503701 CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 CVE-2017-10279 CVE-2017-10283 CVE-2017-102...
FreeBSD : Mailman -- XSS in web interface (4ab29e12-e787-11df-adfa-00e0815b8da8)
Secunia reports : Two vulnerabilities have been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed via the list descriptions is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrar...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors...