61 matches found
CVE-2026-35595 Vikunja Affected by Privilege Escalation via Project Reparenting
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/projectpermissions.go:139-148 only requires CanWrite on the new parent project when changing parentprojectid. However, Vikunja's permission model uses a recursive CTE that walks up th...
CVE-2026-35595 Vikunja Affected by Privilege Escalation via Project Reparenting
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/projectpermissions.go:139-148 only requires CanWrite on the new parent project when changing parentprojectid. However, Vikunja's permission model uses a recursive CTE that walks up th...
EUVD-2026-21418
Vikunja vulnerable to Privilege Escalation via Project Reparenting...
GHSA-2VQ4-854F-5C72 Vikunja vulnerable to Privilege Escalation via Project Reparenting
Summary A user with Write-level access to a project can escalate their permissions to Admin by moving the project under a project they own. After reparenting, the recursive permission CTE resolves ownership of the new parent as Admin on the moved project. The attacker can then delete the project,...
Vikunja vulnerable to Privilege Escalation via Project Reparenting
Summary A user with Write-level access to a project can escalate their permissions to Admin by moving the project under a project they own. After reparenting, the recursive permission CTE resolves ownership of the new parent as Admin on the moved project. The attacker can then delete the project,...
PT-2026-31946
Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.3.0 Description A permission escalation issue exists in Vikunja that allows a user with Write access to a project to escalate their permissions to Admin by moving the project under a project they own. This is due to...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006809)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006809 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change While PLL CPUX clock rate change whe...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988770)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988770 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Add NULL check in BE reparenting Add NULL check in dpcmbereparent API, to handle...
SUSE SLED15: libQt5Bootstrap-devel-static / libQt5Bootstrap-devel-static-32bit / etc (SUSE-SU-2025:3723-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3723-1 advisory. Security issues fixed: - CVE-2025-5455: processing of malformed data in qDecodeDataUrl can trigg...
Security update for libqt5-qtbase
This update for libqt5-qtbase fixes the following issues: Security issues fixed: CVE-2025-5455: processing of malformed data in qDecodeDataUrl can trigger assertion and cause a crash bsc1243958. CVE-2025-30348: complex algorithm used in encodeText in QDom when processing XML data can cause low...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986756)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986756 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Add NULL check in BE reparenting Add NULL check in dpcmbereparent API, to handle...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986329)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986329 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Add NULL check in BE reparenting Add NULL check in dpcmbereparent API, to handle...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986534)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986534 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Add NULL check in BE reparenting Add NULL check in dpcmbereparent API, to handle...
EUVD-2022-25735
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-38041
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - clk: sunxi-ng: h616: Reparent GPU clock during frequency changes The H616 manual does not state that the GPU PLL supports dynamic frequency configuration, so we...
CVE-2025-38041
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h616: Reparent GPU clock during frequency changes The H616 manual does not state that the GPU PLL supports dynamic frequency configuration, so we must take extra care when changing the frequency. Currently any...
AZL-70280 CVE-2025-38041 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h616: Reparent GPU clock during frequency changes The H616 manual does not state that the GPU PLL supports dynamic frequency configuration, so we must take extra care when changing the frequency. Currently any...
UBUNTU-CVE-2025-38041
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h616: Reparent GPU clock during frequency changes The H616 manual does not state that the GPU PLL supports dynamic frequency configuration, so we must take extra care when changing the frequency. Currently any...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the clk driver not properly re-parenting the H616 GPU clock frequency when it changes...
CVE-2022-20475
In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product...