18 matches found
Improper Access Control
getgrav/grav-plugin-api is vulnerable to Improper Access Control. The vulnerability is due to an insecure direct object reference and flawed permission update logic in UsersController::update, which allows an attacker to escalate privileges to Super Administrator and gain full system access...
CVE-2025-63296
KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability in its boot/update logic: during startup /usr/sbin/anykaservice.sh scans mounted TF/SD cards and, if /mnt/update.nor.sh is present, copies it to /tmp/net.sh and executes it as root...
gnutls security update
3.8.3-6.2fips - Add FIPS package change: add fips suffix to Release and set Epoch to 10 Orabug: 35925409 - Update FIPS module name for Oracle Linux Orabug: 35925409 3.8.3-6.2 - keyupdate: rework the rekeying logic RHEL-107498 3.8.3-6.1 - Fix CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, and...
Linux Distros Unpatched Vulnerability : CVE-2021-46940
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tools/power turbostat: Fix offset overflow issue in index converting The idxtooffset functio...
CVE-2019-6440
Zemana AntiMalware before 3.0.658 Beta mishandles update logic...
CVE-2022-49189 clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: clk-rcg2: Update logic to calculate D value for RCG The display pixel clock has a requirement on certain newer platforms to support M/N as 2/3 and the final D value calculated results in underflow errors. As the curren...
CVE-2022-49189 clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: clk-rcg2: Update logic to calculate D value for RCG The display pixel clock has a requirement on certain newer platforms to support M/N as 2/3 and the final D value calculated results in underflow errors. As the curren...
ASB-A-304082474
In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-22651
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into th...
Privilege escalation
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into th...
CVE-2023-22651
CVE-2023-22651 — SUSE Rancher Webhook misconfiguration during upgrade: A failure in Rancher’s admission webhook update logic can misconfigure the webhook, potentially enabling privilege escalations in clusters upgrading from 2.6.x or 2.7.x to 2.7.2. Affected systems that were fresh-installed to ...
PT-2023-2916 · Suse · Suse Rancher
Name of the Vulnerable Software and Affected Versions: SUSE Rancher versions 2.6.x through 2.7.x Description: The issue is related to improper privilege management in SUSE Rancher, allowing privilege escalation. A failure in the update logic of Rancher's admission Webhook may lead to the...
GSD-2022-1001500 clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
clk: qcom: clk-rcg2: Update logic to calculate D value for RCG This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...
CVE-2019-6440
Zemana AntiMalware before 3.0.658 Beta mishandles update logic...
CVE-2019-6440
Zemana AntiMalware before 3.0.658 Beta mishandles update logic...
Code injection
Zemana AntiMalware before 3.0.658 Beta mishandles update logic...
CVE-2019-6440
Zemana AntiMalware before 3.0.658 Beta mishandles update logic...
CVE-2019-6440
Zemana AntiMalware before 3.0.658 Beta is affected by an issue in the update logic. The CVE describes mishandling of update logic, with affected product/version clearly stated as Zemana AntiMalware prior to 3.0.658 Beta. NVD metrics indicate high/critical impact (network attack vector, no authent...