
44 matches found

Cvelist
added 2025/12/26 6:59 a.m. · 22 views

CVE-2025-67450

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVSS 7.8 · EPSS 0.00005
Exploits 0 · References 1
Vulnrichment
added 2025/12/26 6:48 a.m. · 2 views

CVE-2025-59887

Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVSS 8.6 · AI score 7.5 · EPSS 0.00006
Exploits 0 · References 1
RedhatCVE
added 2025/10/16 4:56 p.m. · 6 views

CVE-2025-59889

Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of IPP which is available on the Eaton download center...

CVSS 8.6 · AI score 7.7 · EPSS 0.0002
Exploits 0 · References 1
Cvelist
added 2025/10/14 5:11 a.m. · 5 views

CVE-2025-59889

Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of IPP which is available on the Eaton download center...

CVSS 8.6 · EPSS 0.0002
Exploits 0 · References 1
Vulnrichment
added 2025/10/14 5:11 a.m. · 1 views

CVE-2025-59889

Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of IPP which is available on the Eaton download center...

CVSS 8.6 · AI score 7.4 · EPSS 0.0002
Exploits 0 · References 1
EUVD
added 2025/10/14 5:11 a.m. · 2 views

EUVD-2025-34139

Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution by an attacker with access to the software package...

CVSS 8.6 · AI score 7.4 · EPSS 0.0002
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-5597

Malware in sbrugna...

CVSS 3.3 · AI score 4.2 · EPSS 0.00082
Exploits 0 · References 2
CNVD
added 2025/09/08 12:0 a.m. · 3 views

Google Android Denial of Service Vulnerability (CNVD-2025-24502)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability caused by resource exhaustion when repeatedly adding allowed packages to the allowPackageAccess function in multiple files. An attacker could exploit the...

CVSS 5.5 · AI score 6.7 · EPSS 0.00009
Exploits 0 · References 1
RedhatCVE
added 2025/09/06 5:21 p.m. · 1 views

CVE-2025-26463

In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 · AI score 6.4 · EPSS 0.0001
Exploits 0 · References 1
CVE
added 2025/09/04 5:15 p.m. · 418 views

CVE-2025-26463

CVE-2025-26463 affects Android components where the vulnerability is in the function or flow that handles allowPackageAccess across multiple files, leading to resource exhaustion. The underlying impact is a local persistent denial of service with no additional execution privileges needed and no u...

CVSS 5.5 · AI score 5.9 · EPSS 0.0001
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2025/09/04 5:15 p.m. · 2 views

CVE-2025-26463

In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

EPSS 0.0001
Exploits 0 · References 2
Positive Technologies
added 2025/09/04 12:0 a.m. · 3 views

PT-2025-36027

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified.
Description: Resource exhaustion is possible in the allowPackageAccess function across multiple files when repeatedly adding allowed packages. This can result in a local...

CVSS 5.5 · AI score 6.2 · EPSS 0.0001
Exploits 0 · References 5
RedhatCVE
added 2025/05/23 3:31 a.m. · 6 views

CVE-2023-3964

An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disable...

CVSS 4.3 · AI score 6.5 · EPSS 0.00179
Exploits 0 · References 1
OSV
added 2024/09/10 4:15 a.m. · 0 views

CVE-2024-41728

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects...

CVSS 2.7 · AI score 5.8
Exploits 0 · References 2
FreeBSD
added 2022/10/24 12:0 a.m. · 14 views

gitea -- multiple issues

The Gitea team reports: Do not allow Ghost access to limited visible user/org; Fix package access for admins and inactive users...

AI score 4.4
Exploits 0 · References 1
Positive Technologies
added 2020/09/17 12:0 a.m. · 4 views

PT-2020-13798 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 0.37.1
Description: The issue allows an authenticated user to gain arbitrary access to Python's os package in the web application process. This enables the user to list and access files, environment variables...

CVSS 8.8 · AI score 7.8 · EPSS 0.00732
Exploits 0 · References 13
Veracode
added 2019/05/02 4:56 a.m. · 32 views

Arbitrary Code Execution

java is vulnerable to arbitrary code execution. The vulnerability exists through missing package access checks in the Naming/JNDI component...

CVSS 10 · AI score 5.9 · EPSS 0.0813
Exploits 0 · References 32 · Affected Software 3
RedHat Linux
added 2014/07/29 3:40 p.m. · 4 views

OpenJDK: insufficient package access checks in the Naming component (JNDI, 8025758)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commente...

CVSS 10 · AI score 6.4 · EPSS 0.0813
Exploits 0 · References 5
RedHat Linux
added 2014/06/10 1:7 p.m. · 4 views

OpenJDK: insufficient package access checks in the Naming component (JNDI, 8025758)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commente...

CVSS 10 · AI score 6.4 · EPSS 0.0813
Exploits 0 · References 5
RedHat Linux
added 2014/01/15 7:17 p.m. · 1 views

OpenJDK: insufficient package access checks in the Naming component (JNDI, 8025758)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commente...

CVSS 10 · AI score 6.4 · EPSS 0.0813
Exploits 0 · References 5