5 matches found

PyPA
added 2026/05/11 6:16 p.m., 14 views

PYSEC-2026-126

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...

CVSS 6.8, AI score 5.8, EPSS 0.00174
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2026/05/04 10:7 p.m., 2 views

GHSA-CCXC-X975-4HH9 pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification via unrestricted `ssl_verify` config (incomplete fix for CVE-2026-33509 / -35463 / -35464 / -35586)

Summary: The setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general", "ssl_verify" is not on that allowlist. Any authenticated user with the non-admin SETTINGS...

CVSS 6.8, AI score 5.8, EPSS 0.00174
Exploits: 1, References: 8
SUSE CVE
added 2023/02/15 6:0 a.m., 1 views

SUSE CVE-2010-0830

Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value...

CVSS 5.1, AI score 7.9, EPSS 0.04514
Exploits: 0, References: 4
RedHat Linux
added 2012/02/13 8:30 p.m., 6 views

glibc: ld.so d_tag signedness error in elf_get_dynamic_info

Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value...

CVSS 5.1, AI score 7.8, EPSS 0.04514
Exploits: 0, References: 4
Positive Technologies
added 2002/12/31 12:0 a.m., 4 views

PT-2002-2419 · Pgp +1

Name of the Vulnerable Software and Affected Versions: Microsoft Outlook plug-in PGP versions 7.0, 7.0.3, and 7.0.4 Description: The issue arises when the "Automatically decrypt/verify when opening messages" option is checked and the "Always use Secure Viewer when decrypting" option is not checke...

CVSS 5.5, AI score 6.4, EPSS 0.0025
Exploits: 0, References: 5