17 matches found
EUVD-2026-9502
Vaultwarden has Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager...
CVE-2022-31791
WatchGuard Firebox and XTM appliances allow a local attacker that has already obtained shell access to elevate their privileges and execute code with root permissions. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...
EUVD-2025-0227
Malicious code in bioql PyPI...
EUVD-2024-2499
Malicious code in bioql PyPI...
CVE-2025-48067 OctoPrint vulnerable to possible file extraction via upload endpoints
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the...
PT-2025-24361 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 5.0.3. Description: The issue allows a local attacker to cause an information leak through the get permission. Recommendations: For versions prior to 5.0.3, update to a version that contains a fix for this issue. ...
CVE-2021-32953
An attacker could utilize SQL commands to create a new user in MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login...
Change Uploaded File Permissions <= 4.0.0 - File Permission Update via CSRF
Due to missing checks the plugin is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this. document.getElementById"test".submit;...
Change Uploaded File Permissions <= 4.0.0 - File Permission Update via CSRF
Due to missing checks the plugin is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this. PoC...
GHSA-WP79-CPV2-9G7M Arbitrary shell command execution in Jenkins EC2 Plugin
Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only...
Security update for permissions (moderate)
openSUSE Security Update: Security update for permissions Announcement ID: openSUSE-SU-2021:1520-1 Rating: moderate References: 1028975 1029961 1093414 1133678 1148788 1150345 1150366 1151190 1157498 1160285 1160764 1161335 1161779 1163588 1167163 1169614 1171164 1171173 1171569 1171580 1171686...
Privilege escalation
A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller SHC before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have...
CVE-2017-1000108
The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead...
Windows Default Folder Tampering Vulnerability
A tampering vulnerability exists in Microsoft Windows that could allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure. An attacker who successfully exploited this vulnerability could potentially modify files and folders that are synchronized the first time when a user...
mapr Information Disclosure
Hello, The mapr web frontend component creates an information disclosure vulnerability. During the setup of mapr the configure.sh script calls a function ConfigureWSRole: function ConfigureWSRole if $clientOnly -eq 0 -a $dontChangeSecurityPermissionsOn -eq 0 ; then ConfigureRunUserForWS fi This...
Fedora Core 10 FEDORA-2009-3931 (prelude-manager)
The remote host is missing an update to prelude-manager announced via advisory FEDORA-2009-3931. OpenVAS Vulnerability Test $Id: fcore20093931.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-3931 prelude-manager Authors: Thomas Reinke Copyright:...
CVE-2008-2331
Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator...