21 matches found

RedhatCVE
added 2026/01/09 10:41 a.m., 5 views

CVE-2022-35247

An information disclosure vulnerability exists in Rocket.chat...

4.3 CVSS, 4.5 AI score, 0.00266 EPSS
Exploits 1, References 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-49537

Malicious code in bioql PyPI...

7.8 CVSS, 6.6 AI score, 0.00045 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/01/17 8:10 p.m., 9 views

CVE-2025-21606 Local Privilege Escalation via Exposed XPC Method Due to Client Verification Failure in stats

stats is a macOS system monitor for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name eu.exelban.Stats.SMC.Helper. The associated binary,...

8.7 CVSS, 7.4 AI score, 0.00441 EPSS
Exploits 0, References 2

NVD
added 2024/11/25 6:15 p.m., 10 views

CVE-2024-8272

The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to...

7.8 CVSS, 0.00045 EPSS
Exploits 0, References 1

Cvelist
added 2024/11/25 5:52 p.m., 19 views

CVE-2024-8272 macOS Universal Audio (UAConnect) <= 2.7.0 - Local Privilege Escalation

The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to...

7.8 CVSS, 0.00045 EPSS
Exploits 0, References 1

Github Security Blog
added 2024/02/16 11:14 p.m., 12 views

Hazelcast Platform permission checking in CSV File Source connector

Impact: In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem. Patches: Fix...

6.5 CVSS, 7.5 AI score, 0.00459 EPSS
Exploits 0, References 5, Affected Software 2

OSV
added 2022/09/23 7:15 p.m., 9 views

CVE-2022-35247

An information disclosure vulnerability exists in Rocket.chat v5, v4.8.2 and v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leaks channel members with special roles to unauthorized clients...

4.3 CVSS, 6.4 AI score
Exploits 0, References 1

Prion
added 2022/09/23 7:15 p.m., 16 views

Information disclosure

An information disclosure vulnerability exists in Rocket.chat v5, v4.8.2 and v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leaks channel members with special roles to unauthorized clients...

4 CVSS, 4.4 AI score, 0.00266 EPSS
Exploits 1, References 1, Affected Software 1

Github Security Blog
added 2022/05/24 4:50 p.m., 18 views

Helm Improper Certificate Validation

helm before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were allowed. The component is: helm many files updated, see...

9.8 CVSS, 6.9 AI score, 0.00297 EPSS
Exploits 0, References 6, Affected Software 1

Hacker One
added 2022/01/11 10:32 p.m., 35 views

Rocket.Chat: getRoomRoles Method leaks Channel Owner

Summary: Lack of ACL checks in the getRoomRoles Meteor method leaks channel members with special roles to unauthorized clients. Description: Lack of ACL checks in the getRoomRoles Meteor method allows unauthorized clients to query channel members with special roles: javascript Meteor.methods...

4 CVSS, 3.3 AI score, 0.00266 EPSS
Exploits 1

NVD
added 2019/07/17 9:15 p.m., 10 views

CVE-2019-1010275

helm before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were allowed. The component is: helm many files updated, see...

9.8 CVSS, 9.5 AI score, 0.00297 EPSS
Exploits 0, References 3

OSV
added 2019/07/17 9:15 p.m., 13 views

CVE-2019-1010275

helm before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were allowed. The component is: helm many files updated, see...

9.8 CVSS, 6.8 AI score
Exploits 0, References 3

OSV
added 2019/07/17 9:15 p.m., 2 views

UBUNTU-CVE-2019-1010275

helm before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were allowed. The component is: helm many files updated, see...

9.8 CVSS, 7.3 AI score, 0.00297 EPSS
Exploits 0, References 5

UbuntuCve
added 2019/07/17 9:15 p.m., 350 views

CVE-2019-1010275

helm before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were allowed. The component is: helm many files updated, see...

9.8 CVSS, 7.2 AI score, 0.00297 EPSS
Exploits 0, References 4

Prion
added 2019/07/17 9:15 p.m., 22 views

Design/Logic Flaw

helm before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were allowed. The component is: helm many files updated, see...

7.5 CVSS, 9.4 AI score, 0.00297 EPSS
Exploits 0, References 3, Affected Software 1

CVE
added 2019/07/17 8:14 p.m., 54 views

CVE-2019-1010275

The CVE-2019-1010275 entry concerns helm prior to 2.7.2, where CWE-295 (Improper Certificate Validation) allows unauthorized clients to connect to the server due to self-signed client certificates being accepted. The attack vector is network-based, via a malicious client connecting to the server....

9.8 CVSS, 9.3 AI score, 0.00297 EPSS
Exploits 0, References 3, Affected Software 1

Positive Technologies
added 2019/07/17 12:0 a.m., 3 views

PT-2019-11539 · Kubernetes · Helm

Name of the Vulnerable Software and Affected Versions: helm versions prior to 2.7.2
Description: The issue concerns improper certificate validation, allowing unauthorized clients to connect to the server because self-signed client certificates were allowed. A malicious client could exploit this b...

9.8 CVSS, 9.5 AI score, 0.00297 EPSS
Exploits 0, References 12

Oracle linux
added 2019/06/17 12:0 a.m., 98 views

libvirt security update

5.0.0-4.el7
- logging: restrict sockets to mode 0600 Daniel P. Berrange Orabug: 29861433 CVE-2019-10132
- locking: restrict sockets to mode 0600 Daniel P. Berrange Orabug: 29861433 CVE-2019-10132
- admin: reject clients unless their UID matches the current UID Daniel P. Berrange Orabug: 29861433...

8.8 CVSS, 2.4 AI score, 0.01283 EPSS
Exploits 0

Cvelist
added 2019/01/16 8:0 p.m., 31 views

CVE-2018-5738 Some versions of BIND can improperly permit recursive query service to unauthorized clients

Change 4777 introduced in October 2017 introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended and documented behavior is that if an operator has not specified a value for the...

5.3 CVSS, 6.1 AI score, 0.03303 EPSS
Exploits 0, References 5

UbuntuCve
added 2018/04/18 4:29 p.m., 30 views

CVE-2018-1088

A privilege escalation flaw was found in the gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount the shared gluster storage volume and escalate privileges by scheduling a malicious cronjob via symlink...

8.1 CVSS, 7.1 AI score, 0.10782 EPSS
Exploits 1, References 3