7965 matches found
CVE-2026-0778
Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Enel X JuiceBox 40 charging stations. Authentication is not required to exploit this...
CVE-2026-0778
CVE-2026-0778 concerns Enel X JuiceBox 40 Telnet service. The Telnet daemon, listening on TCP 2000, lacks authentication before allowing remote connections, enabling network-adjacent attackers to execute arbitrary code with the service account context. Documents from ZDI, Red Hat, NVD, CVE listin...
OPENSUSE-SU-2026:20100-1 Security update for gimp
This update for gimp fixes the following issues: Changes in gimp: - CVE-2025-14422: Fixed PNM File Parsing Integer Overflow bsc1255293 - CVE-2025-14423: Fixed LBM File Parsing Stack-based Buffer Overflow bsc1255294 - CVE-2025-14424: Fixed XCF File Parsing Use-After-Free bsc1255295 - CVE-2025-1442...
MiracleLinux 4 : openjpeg-1.3-8.AXS4 (AXSA:2012-758:01)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2012-758:01 advisory. OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, the new still-image...
CVE-2001-1517
RunAs runas.exe in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying tha...
CVE-2001-1518
RunAs runas.exe in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service RunAs hang by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the...
CVE-2019-16640
An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled %00 and /var/./html are not checked, which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EGRGOS 11.9 B11P1...
CVE-2019-16639
An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker who only has web interface access to use TELNET commands and/or show admin passwords via the modeurl=exec= substring. This affects EG-2000SE EGRGOS 11.9...
CVE-2019-16641
An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing its password. This affects EG-2000SE EGRGOS 11.11B1...
EUVD-2025-204980
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
UBUNTU-CVE-2025-14425
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
CVE-2025-14425
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
CVE-2025-14425 GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
EUVD-2025-199687
The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a local attacker to perform path interception and escalate privileges if they have write permissions to the directories proceeding that of which the real service executables...
CVE-2025-66269 Unquoted Service Path in UPSilon2000V6.0(RupsMon and USBMate) running as SYSTEM
The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a local attacker to perform path interception and escalate privileges if they have write permissions to the directories proceeding that of which the real service executables...
CVE-2025-66269 Unquoted Service Path in UPSilon2000V6.0(RupsMon and USBMate) running as SYSTEM
The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a local attacker to perform path interception and escalate privileges if they have write permissions to the directories proceeding that of which the real service executables...
CVE-2025-66266 Insecure SYSTEM Service Permissions in UPSilon2000V6.0 (RupsMon.exe) leading to trivial Local Privilege Escalation
The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; startin...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : FFmpeg vulnerabilities (USN-7830-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7830-1 advisory. It was discovered that FFmpeg incorrectly handled the return values of functions in its Firequalizer filter and in th...
CVE-2025-9574
Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects . All firmware versions with the Serial Number from 2000 to 5166...
EUVD-2025-35083
Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects . All firmware versions with the Serial Number from 2000 to 5166...