GHSA-JRC5-W569-H7H5 phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check in phpMyFAQ

Summary A review of phpMyFAQ-main uncovered an authorization issue in the admin-api routes. Several backend endpoints only check whether the caller is logged in. They do not verify that the caller actually has backend or administrative privileges. As a result, a normal frontend user can access AP...

Design/Logic Flaw

In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...

SUSE CVE-2008-3916

Heap-based buffer overflow in the stripescapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege...

SUSE CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

SUSE CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

SUSE CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

Ubuntu 16.04 ESM / 18.04 LTS : shadow vulnerabilities (USN-5254-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5254-1 advisory. It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose...

Huawei EulerOS: Security Advisory for shadow-utils (EulerOS-SA-2019-2427)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP2 : shadow-utils (EulerOS-SA-2019-2427)

According to the versions of the shadow-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed...

Shimo VPN helper tool deleteConfig denial-of-service vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug. Tested...

CleanMyMac X removeKextAtPath privilege escalation vulnerability

Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system. Tested Versions Clean My Mac X 4.04 Product URLs...

Clean My Mac X removeLaunchdAgentAtPath privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...

UBUNTU-CVE-2018-17231

DISPUTED Telegram Desktop aka tdesktop 1.3.14 might allow attackers to cause a denial of service assertion failure and application exit via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue is disputed by multiple third parties because the described...

CVE-2018-17231

Telegram Desktop aka tdesktop 1.3.14 might allow attackers to cause a denial of service assertion failure and application exit via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue is disputed by multiple third parties because the described attack...

CVE-2018-17231

Telegram Desktop aka tdesktop 1.3.14 might allow attackers to cause a denial of service assertion failure and application exit via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue is disputed by multiple third parties because the described attack...

Microsoft Guidance to mitigate L1TF variant

Executive Summary On January 3, 2018, Microsoft released an advisory and security updates for a new class of hardware vulnerabilities involving speculative execution side channels known as Spectre and Meltdown. Microsoft is aware of a new speculative execution side channel vulnerability known as ...

Cross site scripting

DISPUTED The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraftajaxhandler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary...

CVE-2017-16870

The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraftajaxhandler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary...

CVE-2017-12424

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes with a buffer overflow or other memory corruption or other unspecified behaviors. This crosses a privilege boundary in, for example,...

Buffer overflow

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes with a buffer overflow or other memory corruption or other unspecified behaviors. This crosses a privilege boundary in, for example,...