InvenTree 授权问题漏洞

InvenTree is an open-source inventory management system developed by InvenTree. It provides robust low-level inventory control and parts tracking capabilities. Versions of InvenTree prior to 1.2.7 and 1.3.0 contained authorization vulnerabilities. These vulnerabilities stemmed from improper...

SUSE SLES15 / openSUSE 15 Security Update : slurm_22_05 (SUSE-SU-2025:01756-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01756-1 advisory. - CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user ...

CVE-2019-17201

FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service...

Dell OpenManage Server Administrator Authorization Issues Vulnerability

Dell OpenManage Server Administrator Dell OMSA is a software agent from Dell Dell USA. Provides a comprehensive one-to-one systems management solution in two ways. An authorization issue vulnerability exists in Dell OpenManage Server Administrator version 11.0.1.0 and prior versions, which stems...

PT-2024-37604 · WordPress · Profilegrid

Name of the Vulnerable Software and Affected Versions: The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions up to, and including, 5.8.9 Description: The issue is due to a lack of validation on user-supplied data in the 'pm upload image' AJAX action, allowing...

CVE-2022-27651

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with...

CVE-2022-27650

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby Docker Engine where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...

CVE-2022-24769

Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby Docker Engine prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux...

CVE-2019-18916

The CVE affects HP LaserJet Solution Software for certain HP LaserJet printers, where a flaw in the printer’s solution for setting user privileges may enable unauthorized elevation of privilege on the client (local access). HP has released updates; for example, HP Color LaserJet Pro MFP M277 mode...

CVE-2018-10959

Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch...

[security bulletin] HPSBMA02658 SSRT100413 rev.1 - Insight Control for Linux (IC-Linux), Remote Unauthorized Elevation of Privilege, Execution of Arbitrary Code, Encryption Downgrade, Information Disclosure, Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02794777 Version: 1 HPSBMA02658 SSRT100413 rev.1 - Insight Control for Linux IC-Linux, Remote Unauthorized Elevation of Privilege, Execution of Arbitrary Code, Encryption Downgrade, Information...