19 matches found
EUVD-1999-0129
Malware in sbrugna...
EUVD-2016-1223
Malware in sbrugna...
EUVD-2022-4715
Malicious code in bioql PyPI...
EUVD-2024-54706
Malicious code in bioql PyPI...
GHSA-X6PH-R535-3VJW apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files
It was discovered that the ld.so.cache in images generated by apko had file system permissions mode 0666: bash-5.3 find / -type f -perm -o+w /etc/ld.so.cache This issue was introduced in commit 04f37e2 "generate /etc/ld.so.cache 1629"v0.27.0. Impact This potentially allows a local unprivileged us...
CVE-2024-22177
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get permission...
CVE-2024-5994
The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with...
CVE-2020-9128
FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak...
Alibaba Cloud Linux 3 : 0207: flatpak (ALINUX3-SA-2022:0207)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0207 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-43860: Flatpak is a Linux application...
CVE-2024-13206
A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default permissions. It is possible to launch the attack on the local host. The exploit...
CVE-2025-22130
Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious user then can modify, delete, and arbitrarily repositories as if they were an admin user without...
Command Injection
@saltcorn/plugins-loader is vulnerable to command injection. The vulnerability is due to the lack of input validation on the user-controlled value req.body.name, allows users with admin permissions to manipulate the input by adding escaping characters, thereby executing arbitrary commands when th...
CVE-2024-22116
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure...
CVE-2024-22116
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure...
CVE-2022-30759
In Nokia One-NDS aka Network Directory Server through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands...
CVE-2021-25420
Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log...
dotProject 2.1.3 XSS and Improper Permissions
No description provided by source...
libpng: Buffer overflow on row buffers
Background libpng is a standard library used to process PNG Portable Network Graphics images. It is used by several other programs, including web browsers and potentially server processes. Description Due to a wrong calculation of loop offset values, libpng contains a buffer overflow vulnerabilit...
SGI IRIX 6.4 - Permissions Buffer Overflow
SGI IRIX 6.4 - Permissions Buffer Overflow // source: https://www.securityfocus.com/bid/417/info A buffer overrun exists in the permissions program, as shipped by Silicon Graphics with the 5.x and 6.x Irix operating system. By supplying a long, well crafted buffer as the 4th argument to the...