EUVD-2016-6383
Malware in sbrugna...
EUVD-2016-5558
Malware in sbrugna...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: mysql (UTSA-2025-984837)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984837 advisory. Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 a...
EUVD-2023-47249
Malicious code in bioql PyPI...
Important: ppp
Issue Overview: The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. (CVE-2024-58250) Affected Packages: ppp. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...
CVE-2023-39520
Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning a SYSTEM...
CVE-2019-18909
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges...
CVE-2019-19202
In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request...
PT-2025-20749 · Apple · macOS Sonoma +3
Name of the Vulnerable Software and Affected Versions: macOS Ventura versions prior to 13.7.6; macOS Sequoia versions prior to 15.5; macOS Sonoma versions prior to 14.7.6. Description: An input validation issue was addressed by removing the vulnerable code. A malicious app may be able to gain root...
CVE-2022-1804 Accountsservice incorrectly drops privileges
accountsservice no longer drops permissions when writing .pam_environment...
Linux Distros Unpatched Vulnerability : CVE-2012-2653
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root...
GHSA-9WMC-988H-2MV2 TeamPass privileges issue
TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different userid...
TeamPass privileges issue
TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different userid...
CVE-2024-44224
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. A malicious app may be able to gain root privileges...
PT-2024-30964 · Apple · iOS +2
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15; iOS versions prior to 18; iPadOS versions prior to 18. Description: A permissions issue allowed a malicious app with root privileges to potentially access keyboard input and location information without user consent...
CVE-2024-27817
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. An app may be able to execute arbitrary code with kernel privileges...
GHSA-CVX5-7VC7-RG77 Tomcat uses trusted privileges when processing web.xml file
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file...
OPENSUSE-SU-2019:2176-1 Security update for openldap2
This update for openldap2 fixes the following issues: Security issue fixed: - CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194). - CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273). - CVE-2017-17740: Wh...
CVE-2014-8949
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4wtrace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear...