Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config Snapshots interface. The issue arises from
Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible
Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled i
In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, p
Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with
Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enfor
Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not
Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in certain configurations, Advanced Installer looks in standard-
Nagios XI versions prior to 2012R1.6 contain an authorization flaw in the Auto-Discovery functionality. Users with read-only roles could directly reach Auto-Discovery endpoints and pages that should r
Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user
Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to
Nagios XI versions prior to 5.8.7 used a temporary directory for Highcharts exports with overly permissive ownership/permissions under the Apache user. Local or co-hosted processes could read/overwrit
Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s authorizat
The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU ra
Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in u
In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation.
NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code
Uncontrolled search path for some Intel(R) Distribution for Python software installers before version 2025.2.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged softw