28 matches found
SUSE-SU-2026:21989-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: Update to version 20260430.00 Update THIRDPARTYLICENSES to be package specific location. 608 Update dependencies and go version to 1.26.2 607 bsc1265762, CVE-2026-33814 Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 604...
CVE-2026-26191
Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet's software installer pipeline could allow a crafted software package to execute arbitrary commands as root macOS/Linux or SYSTEM Windows on managed endpoints when an uninstall is triggered. When a...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection in the process that generates uninstall scripts from uploaded software packages, due to improper sanitization of metadata fields. An attacker can execute arbitrary commands with elevated privileges on managed endpoints...
CVE-2026-26191 Fleet vulnerable to OS command injection in software packages
Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet's software installer pipeline could allow a crafted software package to execute arbitrary commands as root macOS/Linux or SYSTEM Windows on managed endpoints when an uninstall is triggered. When a...
CVE-2026-26191
Fleet prior to version 4.81.0 is affected by a vulnerability in the software installer pipeline where metadata from uploaded packages (pkg, deb, rpm, exe, msi) is used to generate uninstall scripts without proper sanitization. A crafted package could cause arbitrary commands to run with root priv...
PT-2026-28628
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.1 Description Fleet is open source device management software susceptible to a command injection issue within its software installer pipeline. This allows an attacker to execute arbitrary code as root macOS/Linux o...
CVE-2026-24063
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
EUVD-2026-12831
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
CVE-2026-24063
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
CVE-2026-24063 World-writable uninstall script executed as root in Arturia Software Center
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
CVE-2026-24063
The CVE concerns Arturia Software Center on macOS. A plugin install creates an uninstall.sh script in a root-owned path with 777 permissions, writable by any user. During plugin uninstall, the Privileged Helper is instructed to execute this script. If an attacker manipulates the script, this can ...
CVE-2026-24063
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
CVE-2026-24063 World-writable uninstall script executed as root in Arturia Software Center
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
PT-2026-26067
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
Arturia Software Center 安全漏洞
Arturia Software Center is an application developed by the French company Arturia, used for managing, installing, and updating music production software and plugins. There is a security vulnerability in Arturia Software Center, which stems from improper permission settings in the uninstall.sh...
EUVD-2025-122980
Malicious code in quasar-ceres-morgan-uninstall npm...
EUVD-2025-112102
Malicious code in jsonp-vuepress-uninstall-ceres npm...
CVE-2025-43079
The Qualys Cloud Agent included a bundled uninstall script qagentuninstall.sh, specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privileges...
EUVD-2025-48941
The Qualys Cloud Agent included a bundled uninstall script qagentuninstall.sh, specific to MacOS and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privileg...
CVE-2025-43079
The Qualys Cloud Agent included a bundled uninstall script qagentuninstall.sh, specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privileges...