31 matches found
CVE-2025-62503 Apache Airflow: Privilege boundary bypass in bulk APIs (create action can upsert existing Pools/Connections/Variables)
User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...
Apache Airflow Security Vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. A security bypass vulnerability exists in Apache Airflow, which is...
PT-2025-44369
Name of the Vulnerable Software and Affected Versions Versions prior to 2025-62503 Description A user possessing CREATE privilege but lacking UPDATE privilege for Pools, Connections, and Variables can modify existing records through the bulk create API utilizing the overwrite action. This allows...
Amazon Linux AMI : ppp (ALAS-2025-1980)
The version of ppp installed on the remote host is prior to 2.4.5-11.10. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1980 advisory. The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. CVE-2024-58250 Tenable has extracted the preceding...
CVE-2021-21389
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in...
PT-2025-9028 · Xiq-Se · Xiq-Se
Name of the Vulnerable Software and Affected Versions: XIQ-SE versions prior to 24.2.11 Description: The issue is due to a missing access control check, allowing a path traversal that may lead to privilege escalation. Recommendations: For versions prior to 24.2.11, update to version 24.2.11 or...
CVE-2024-43530
CVE-2024-43530 is a Windows Update Stack Elevation of Privilege vulnerability. The connected documents confirm this vulnerability affects Windows Update Stack and is associated with an elevated-privilege impact (CVE ID listed with “Obtaining elevated privileges/privilege escalation”) and a local-...
CVE-2024-50490 WordPress PegaPoll plugin <= 1.0.2 - Arbitrary Option Update to Privilege Escalation vulnerability
Missing Authorization vulnerability in lowcage PegaPoll pegapoll allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects PegaPoll: from n/a through <= 1.0.2...
Debian dsa-5784 : liboath-dev - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5784 advisory. Debian Security Advisory DSA-5784-1 https://www.debian.org/security/...
Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite is a fully integrated set of global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Complex Maintenanc...
Windows Update Stack Elevation of Privilege Vulnerability
...
OPENSUSE-SU-2023:0069-1 Security update for amanda
This update for amanda fixes the following issues: - CVE-2022-37704: fix privilege escalation via rundump boo1208033, ghzmanda/amanda195 - CVE-2022-37705: fix privilege escalation via runtar suid binary boo1208032, ghzmanda/amanda194...
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
...
PT-2022-14481 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a configuration error in Bluetooth that could allow bypassing compiler exploit mitigations. This could lead to local escalation of privilege without requiring additional executi...
Mageia: Security Advisory (MGASA-2021-0121)
The remote host is missing an update for the...
Race condition
A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a...
MGASA-2021-0121 Updated postgresql packages fix security vulnerabilities
A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message CVE-2021-3393. A user having a SELECT privilege on an individual column can craft a special query that returns all columns of...
CVE-2021-1729
Windows Update Stack Setup Elevation of Privilege Vulnerability...
HPSBHF03707 rev. 1 - AMD® Ryzen Master™ Driver October 2020 Security Update
Potential Security Impact Escalation of Privilege Source: HP, HP Product Security Response Team PSRT Reported by: AMD VULNERABILITY SUMMARY AMD has informed HP of a potential security vulnerability identified in the AMD® Ryzen Master™ Driver which might allow escalation of privileges. For detaile...
Important: Red Hat Security Advisory: xorg-x11-server security update
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...