41 matches found
CVE-2025-2515
A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node qm to create or override systemd service unit files that affect the host node. This issue can lead to privilege escalation, unauthorized...
EUVD-2025-205290
A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node qm to create or override systemd service unit files that affect the host node. This issue can lead to privilege escalation, unauthorized...
CVE-2025-2515 Bluechi: privilege escalation in bluechi via unrestricted cross-node systemd dependencies
A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node qm to create or override systemd service unit files that affect the host node. This issue can lead to privilege escalation, unauthorized...
EUVD-2025-202391
Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...
CVE-2025-9056
Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...
PT-2025-50303
Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...
EUVD-2016-7947
Malware in sbrugna...
EUVD-2022-25696
Malicious code in bioql PyPI...
EUVD-2022-25695
Malicious code in bioql PyPI...
CVE-2025-46018
CVE-2025-46018 affects CSC Pay Mobile App, version 2.19.4 (fixed in 2.20.0). A vulnerability in the Bluetooth-based payment authentication module allows a user to bypass payment authorization by disabling Bluetooth at a specific point during a transaction, potentially enabling unauthorized use of...
CVE-2023-3289
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system including admin. This results in unauthorized data manipulation...
CVE-2020-19676
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in...
CVE-2024-57055
Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could allow unauthorized users to potentially call certain services without the necessary access level. This issue is limited to services used by the client not the general-use JSON services and requires reverse...
BIT-CONSUL-2022-24687
HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3...
CVE-2023-4227
A vulnerability has been identified in the ioLogik 4000 Series ioLogik E4200 firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of...
Information disclosure
A vulnerability has been identified in the ioLogik 4000 Series ioLogik E4200 firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of...