39 matches found
CVE-2026-29133
SEPPmail Secure Email Gateway (before v15.0.3) allows an attacker to upload PGP keys whose UIDs do not match the recipient email address, enabling potential impersonation or confusion in key-management workflows. The CVE-2026-29133 entry confirms the affected product and condition; CVSS 4.0 vecto...
CVE-1999-0656
The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names...
EUVD-1999-0639
Malware in sbrugna...
EUVD-2005-3253
Malware in sbrugna...
EUVD-2023-2156
Malicious code in bioql PyPI...
CVE-2012-4602
Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tceselectuserspopup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter...
CVE-2011-3918
The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application...
Linux Distros Unpatched Vulnerability : CVE-2020-35512
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a...
GO-2023-1901 Pipelines do not validate child UIDs in github.com/tektoncd/pipeline
Pipelines do not validate child UIDs in github.com/tektoncd/pipeline...
CBL Mariner 2.0 Security Update: kernel (CVE-1999-0656)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-1999-0656 advisory. - The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying...
GHSA-W2H3-VVVQ-3M53 Pipelines do not validate child UIDs
Summary Pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. We should add UID to PipelineRun status and validate that child Run status/results only come from Runs...
CVE-2023-37264 Pipelines do not validate child UIDs
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child...
GHSA-F683-35W9-28G5 Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
The CAPTCHA of the extension can be bypassed which may result in automated creation of various newsletter subscribers. It is possible to provide arbitrary subscription UIDs to the deleteAction of the extension resulting in all newsletter subscribers to be unsubscribed. Insufficient access checks ...
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
The CAPTCHA of the extension can be bypassed which may result in automated creation of various newsletter subscribers. It is possible to provide arbitrary subscription UIDs to the deleteAction of the extension resulting in all newsletter subscribers to be unsubscribed. Insufficient access checks ...
CVE-2022-47409
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations...
Socid-Extractor - Extract Accounts Info From Personal Pages On Various Sites For OSINT Purpose
Extract information about a user from profile webpages / API responses and save it in machine-readable format. Usage As a command-line tool: $ socidextractor --url https://www.deviantart.com/muse1908 country: France createdat: 2005-06-16 18:17:41 gender: female username: Muse1908 website:...
Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices
Today, Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency (“CISA”) that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability, discovered by researchers on Mandiant’s Red Team in late 2020,...
Advisory ROSA-SA-2021-1977
Software: sssd 1.16.5 OS: Cobalt 7.9 CVE-ID: CVE-2018-16883 CVE-Crit: MEDIUM CVE-DESC: sssd versions 1.13.0 through 2.0.0 incorrectly restricted access to the information channel according to the "allowed_uids" configuration parameter. If sensitive information was stored in a user's directory, it...
GO-2021-0070 Privilege escalation in github.com/opencontainers/runc
GetExecUser in the github.com/opencontainers/runc/libcontainer/user package will improperly interpret numeric UIDs as usernames. If the method is used without verifying that usernames are formatted as expected, it may allow a user to gain unexpected privileges...
SYS.1.3.A2
Each login name, each user ID (User-ID, UID) and each group ID (GID) MUST occur only once. Every user MUST be a member of at least one group. Every GID that occurs in the file /etc/passwd MUST be defined in the file /etc/group. Each group SHOULD contain only the users ...