13 matches found
CVE-2026-30225
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...
CVE-2026-30225
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the KillAction and RestartAction API handlers when a log entry is created with a nil binding through StartActionByGet using an invalid action ID. An attacker can cause repeated server-side panics and disrupt...
GHSA-FWHJ-785H-43HH OliveTin has crash on NPE by calling APIs with invalid bindings or log references
Summary An unauthenticated attacker can trigger server-side panics by first creating an execution log entry with a nil binding via StartActionByGet invalid action ID, then calling KillAction or RestartAction on that tracking ID. This causes a nil-pointer dereference in API handlers and results in...
OliveTin has crash on NPE by calling APIs with invalid bindings or log references
Summary An unauthenticated attacker can trigger server-side panics by first creating an execution log entry with a nil binding via StartActionByGet invalid action ID, then calling KillAction or RestartAction on that tracking ID. This causes a nil-pointer dereference in API handlers and results in...
GHSA-P443-P7W5-2F7F OliveTin's RestartAction always runs actions as guest
Summary An authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new internal connect.Request without preserving the original caller’s authentication headers or cookie...
OliveTin's RestartAction always runs actions as guest
Summary An authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new internal connect.Request without preserving the original caller’s authentication headers or cookie...
PT-2026-23615
Name of the Vulnerable Software and Affected Versions OliveTin versions prior to 3000.11.1 Description OliveTin allows access to predefined shell commands from a web interface. A flaw exists in the RestartAction functionality where a low-privileged authenticated user can execute actions they are...
CVE-2024-52867
guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for setuid and setgid programs are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...
CVE-2024-52867
guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for setuid and setgid programs are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...
CVE-2024-52867
guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for setuid and setgid programs are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...
CVE-2014-6434
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the 1 a1 or 2 a2 parameter in a restart action...
CVE-2006-4316
SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user's program and...