8 matches found
EUVD-2026-9514
International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...
Arbitrary Argument Injection
Overview @conventional-changelog/git-client is a Simple git client for conventional changelog packages. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the getTags API which allows specifying extra parameters passed to the git log command. An attacker can...
BIT-LIBPYTHON-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...
CVE-2020-16282
In the default configuration of Rangee GmbH RangeeOS 8.0.4, all components are executed in the context of the privileged root user. This may allow a local attacker to break out of the restricted environment or inject malicious code into the application and fully compromise the operating system...
Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)
Wowza Streaming Engine below v4.9.1 is vulnerable to multiple vulnerabilities on Linux and Windows. An unauthenticated attacker can poison the Wowza Streaming Engine Manager web dashboard with a stored cross-site scripting “XSS” payload. When an administrator views the poisoned dashboard,...
CVE-2020-16282
In the default configuration of Rangee GmbH RangeeOS 8.0.4, all components are executed in the context of the privileged root user. This may allow a local attacker to break out of the restricted environment or inject malicious code into the application and fully compromise the operating system...
CVE-2017-1000199
tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handlerqcow.so resulting in non-privileged users being able to check for existence of any file with root privileges...
F5 Networks BIG-IP : SSH vulnerability (K13600)
A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using secure shell SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. The following platforms a...