49 matches found
EUVD-2012-3414
Malware in sbrugna...
EUVD-2001-0047
Malware in sbrugna...
EUVD-2021-23634
Malware in sbrugna...
CVE-2025-48950 MaxKB Python Sandbox Bypass in Function Library
MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as /bin, /usr/bin, etc. Therefore, attackers can exploit some files with execution permissions in non-blacklisted directori...
CVE-2025-0758
Overview: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors (CWE-732). Description: Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed...
CVE-2025-27154 Spotipy's cache file, containing Spotify auth token, is created with overly broad permissions
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- (644) permissions by default, when it could be locked down to rw------- (600) permissions. This leads to overly...
CVE-2024-47766 Permissions are incorrectly verified for project administrators in the cross tracker search widget
Tuleap is a tool for end-to-end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictio...
SUSE-SU-2022:0509-1 Security update for cobbler
This update for cobbler fixes the following issues: - CVE-2021-45083: Fixed unsafe permissions on sensitive files (bsc#1193671). - CVE-2021-45082: Fixed incomplete template sanitation (bsc#1193678). The following non-security bugs were fixed: - Fix issues with installation module logging and validation...
SUSE-SU-2020:3187-1 Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-22 fixes several issues. The following security issues were fixed: - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in...
HSBC Mobile Banking - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application HSBC Mobile Banking published at the 'play' market has multiple vulnerabilities...
Slack - Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Slack published at the 'play' market has multiple vulnerabilities...
Yandex Launcher & Wallpapers - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Yandex Launcher & Wallpapers published at the 'play' market has multiple vulnerabilities...
Safety at Home - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Safety at Home published at the 'play' market has multiple vulnerabilities...
Star Chart - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Star Chart published at the 'play' market has multiple vulnerabilities...
Monster High Ghouls and Jewels - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Monster High Ghouls and Jewels published at the 'play' market has multiple vulnerabilities...
Bubble Shooter Halloween - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Bubble Shooter Halloween published at the 'play' market has multiple vulnerabilities...
Crossword Unlimited - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Crossword Unlimited published at the 'play' market has multiple vulnerabilities...
SCRABBLE™ - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application SCRABBLE™ published at the 'play' market has multiple vulnerabilities...
Lux DLX (risk game ++) - BSD license, Base64 encoded String, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Lux DLX (risk game ++) published at the 'play' market has multiple vulnerabilities...
Jurassic Dinosaur Simulator 3D - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Jurassic Dinosaur Simulator 3D published at the 'play' market has multiple vulnerabilities...