34 matches found
AlmaLinux 10 : shadow-utils (ALSA-2025:20145)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:20145 advisory. shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise CVE-2024-56433 Tenable has extracted the preceding description blo...
CVE-2024-20145
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940;...
CVE-2022-20145
In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for...
CVE-2021-20145
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, o...
CVE-2019-20145
An issue was discovered in GitLab Community Edition CE and Enterprise Edition EE 11.4 through 12.6.1. It has Incorrect Access Control...
CVE-2025-20145
A vulnerability in the access control list ACL processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress...
CVE-2025-20145
A vulnerability in the access control list ACL processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress...
CVE-2025-20145
Cisco IOS XR Software contains an ACL processing issue in the egress direction that can allow an unauthenticated, remote attacker to bypass a configured egress ACL. The root cause involves certain packets being mishandled when received on an ingress interface on one line card and destined to an e...
CVE-2024-20145
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940;...
CVE-2024-20145
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940;...
CVE-2024-20145
creationtimestamp| type| source ---|---|--- 2025-01-06 03:47:54+00:00| seen| https://infosec.exchange/users/cve/statuses/113779361337807155 2025-01-06 04:15:33+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf2bkmggs72e 2025-01-06 04:42:50+00:00| seen|...
CVE-2024-20145
CVE-2024-20145 affects MediaTek V6 DA, where a missing bounds check can lead to an out-of-bounds write. The issue enables local escalation of privilege with physical access and user interaction required for exploitation. Patch ALPS09290940 addresses the flaw (MSV-2040).
CVE-2024-20145
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940;...
CVE-2024-20145
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940;...
CVE-2020-20145
creationtimestamp| type| source ---|---|--- 2023-08-22 22:24:57+00:00| seen| https://t.me/cibsecurity/68997...
CVE-2020-20145
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-14834. Reason: This candidate is a reservation duplicate of CVE-2019-14834. Notes: All CVE users should reference CVE-2019-14834 instead of this candidate. All references and descriptions in this candidate have been removed t...
CVE-2020-20145
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-14834. Reason: This candidate is a reservation duplicate of CVE-2019-14834. Notes: All CVE users should reference CVE-2019-14834 instead of this candidate. All references and descriptions in this candidate have been removed t...
CVE-2023-20145
creationtimestamp| type| source ---|---|--- 2023-04-05 22:41:15+00:00| seen| https://t.me/cibsecurity/61500...
CVE-2017-20145
creationtimestamp| type| source ---|---|--- 2022-07-25 12:32:50+00:00| seen| https://t.me/cibsecurity/46881...
CVE-2017-20145
CVE-2017-20145 affects Tecrail Responsive Filemanger up to version 9.10.x. The root cause is a path traversal vulnerability that enables remote access to files. Several connected sources corroborate a critical impact and indicate upgrading to version 9.11.0 as the fix. In at least one reference, ...