Lucene search
K

8 matches found

EUVD
EUVD
added 2026/03/05 3:31 a.m.7 views

EUVD-2026-9514

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS6AI score0.00139EPSS
Exploits1References3
Snyk
Snyk
added 2025/09/22 7:45 p.m.5 views

Arbitrary Argument Injection

Overview @conventional-changelog/git-client is a Simple git client for conventional changelog packages. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the getTags API which allows specifying extra parameters passed to the git log command. An attacker can...

5.7CVSS7.1AI score0.00202EPSS
Exploits0References2
OSV
OSV
added 2025/08/11 1:52 p.m.7 views

BIT-LIBPYTHON-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...

6.1CVSS7.2AI score0.01326EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 4:26 p.m.9 views

CVE-2020-16282

In the default configuration of Rangee GmbH RangeeOS 8.0.4, all components are executed in the context of the privileged root user. This may allow a local attacker to break out of the restricted environment or inject malicious code into the application and fully compromise the operating system...

8.8CVSS6.8AI score0.00369EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/11/20 4:42 p.m.5 views

Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)

Wowza Streaming Engine below v4.9.1 is vulnerable to multiple vulnerabilities on Linux and Windows. An unauthenticated attacker can poison the Wowza Streaming Engine Manager web dashboard with a stored cross-site scripting “XSS” payload. When an administrator views the poisoned dashboard,...

9.6CVSS7.7AI score0.00974EPSS
Exploits0
Cvelist
Cvelist
added 2020/08/20 3:23 p.m.24 views

CVE-2020-16282

In the default configuration of Rangee GmbH RangeeOS 8.0.4, all components are executed in the context of the privileged root user. This may allow a local attacker to break out of the restricted environment or inject malicious code into the application and fully compromise the operating system...

8.4AI score0.00369EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/11/17 2:0 a.m.26 views

CVE-2017-1000199

tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handlerqcow.so resulting in non-privileged users being able to check for existence of any file with root privileges...

7.3AI score0.01463EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/10/10 12:0 a.m.60 views

F5 Networks BIG-IP : SSH vulnerability (K13600)

A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using secure shell SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. The following platforms a...

5.6AI score
Exploits0References2
Rows per page
Query Builder