11 matches found
CVE-2025-15506
creationtimestamp| type| source ---|---|--- 2026-01-11 11:40:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mc5gwwh73g22 2026-01-11 13:27:33+00:00| seen| https://infosec.exchange/users/vuldb/statuses/115876695460772125...
CVE-2025-15506
A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...
CVE-2020-15506
creationtimestamp| type| source ---|---|--- 2021-09-05 16:58:17+00:00| published-proof-of-concept| https://t.me/infosec1z/47...
MobileIron Core 10.3.0.x < 10.3.0.4-19 / 10.4.0.x < 10.4.0.4-22 / 10.5.1.1 < 10.5.1.1-22 / 10.5.2.1 < 10.5.2.1-14 / 10.6.0.1 < 10.6.0.1-19 / 10.7.0.0 < 10.7.0.0-28
According to its self-reported version number, the installation of MobileIron Core on the remote host is affected by multiple vulnerabilities: - A remote command execution vulnerability exists in MobileIron Core and Connector versions 10.6 and earlier, and Sentry versions 9.8 and earlier. An...
QIWI: MobileIron Unauthenticated RCE on mdm.qiwi.com with WAF bypass
Last week, details about 3 CVEs affecting MobileIron MDM product were disclosed. When combined, an attacker can achieve unauthenticated remote code execution with arbitrary Java deserialization vector : - CVE-2020-15505 - Remote Code Execution - CVE-2020-15506 - Authentication Bypass -...
CVE-2020-15506
An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors...
CVE-2020-15506
CVE-2020-15506 is an authentication bypass in MobileIron Core & Connector, affecting 10.3.0.3 and earlier, 10.4.x, 10.5.x, and 10.6.0.0. The public description states that remote attackers can bypass authentication via unspecified vectors. Connected sources confirm the issue is an auth bypass in ...
CVE-2020-15506
An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors. Recent assessments: wvu-r7 at...
CVE-2019-15506
Kaseya Virtual System Administrator (VSA) up to 9.4.0.37 contains an information disclosure vulnerability. An unauthenticated attacker can issue properly formatted web requests and download sensitive files and information. The /DATAREPORTS directory (and other directories) can be exploited to har...
CVE-2018-15506
BubbleUPnP 0.9 update 30 is affected by an XML External Entity Processing (XXE) vulnerability in the SSDP/UPnP XML parsing engine. Remote, unauthenticated attackers could (1) read arbitrary files with the running user’s permissions, (2) initiate SMB connections to capture NetNTLM credentials, and...
CVE-2017-15506
CVE-2017-15506 is rejected; this CVE ID is not used and does not represent an active entry.