175 matches found
MiracleLinux 7 : samba-4.4.4-13.el7 (AXSA:2017-1654:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1654:02 advisory. Samba is the standard Windows interoperability suite of programs for Linux and Unix. Security issues fixed with this release: CVE-2016-2125 RESERVED...
EUVD-2026-2125
Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack...
CVE-2019-2125
In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interaction is needed for...
ECHO-23B6-2125-81D0
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2012-2125
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a...
CVE-2009-2125
deletebug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs...
CVE-2025-2125
A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...
CVE-2025-2125 Control iD RH iD PDF Document companyId resource injection
A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...
CVE-2025-2125
CVE-2025-2125 affects Control iD RH iD 25.2.25.0, specifically the PDF Document Handler. The vulnerability lies in the handling of the parameter nsr for the endpoint /v2/report.svc/comprovante_marcacao/?companyId=1, causing improper control of resource identifiers. The issue is exploitable remote...
Linux Distros Unpatched Vulnerability : CVE-2022-2125
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVE-2022-2125 Note that Nessus relies on the presence of the package as reported by the...
Linux Distros Unpatched Vulnerability : CVE-2016-2125
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba...
CVE-2024-2125
The EnvíaloSimple: Email Marketing y Newsletters for WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) up to version 2.3 due to missing nonce validation in gallery_add, allowing unauthenticated attackers to upload arbitrary files if a site admin is tricked into performing an act...
WordPress EnvíaloSimple Plugin <= 2.3 is vulnerable to Arbitrary File Upload
Software: EnvíaloSimple; Type: Plugin; Vulnerable versions: = 2.3; Fixed in: 2.4; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-2125; Patch priority: High; CVSS severity: High 9.6; PSID: 3f5859f4f7d7; Credits: Francesco Carlucci; Required privilege...
Oracle Linux 7 : ovmf (ELSA-2019-2125)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-2125 advisory. - Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing atta...
BELL-CVE-2022-2125 CVE-2022-2125 does not affect BellSoft software
Bulletin has no description...
Amazon Linux 2 : compat-libtiff3 (ALAS-2023-2125)
The version of compat-libtiff3 installed on the remote host is prior to 3.9.4-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2125 advisory. A NULL pointer dereference in TIFFClose is caused by a failure to open an output file non-existent path or a path that...
EulerOS Virtualization 3.0.6.0 : vim (EulerOS-SA-2023-2251)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Buffer Over-read in function grabfilename in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing...
EulerOS Virtualization 3.0.2.0 : vim (EulerOS-SA-2023-1736)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read in vim/vim prior to 8.2. CVE-2022-0319 - Use After Free in GitHub repository vim/vim prior to 8.2. CVE-2022-0413,...
RHEL 8 : libreswan (RHSA-2023:2125)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:2125 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...