4648 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-3156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The writeconfig function in trove/guestagent/datastore/experimental/mongodb/service.py, resetconfiguration function in...
The vulnerability of the executable file Def.exe of the Interactive Graphical SCADA System (IGSS) module allows an intruder to gain unauthorized access to protected information or execute arbitrary code.
The vulnerability of the executable file Def.exe of the Interactive Graphical SCADA System IGSS module involves the execution of operations beyond the buffer limits in memory. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information or execute...
CVE-2025-0914
An improper access control issue in the VQL shell feature in Velociraptor Versions 0.73.4 allowed authenticated users to execute the execve plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually...
SUSE CVE-2025-0914
An improper access control issue in the VQL shell feature in Velociraptor Versions 0.73.4 allowed authenticated users to execute the execve plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually...
CVE-2025-0914 Velociraptor Shell Plugin Prevent_execve Bypass
An improper access control issue in the VQL shell feature in Velociraptor Versions 0.73.4 allowed authenticated users to execute the execve plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually...
CLSA-2025-1740645491 python3.11: Fix of CVE-2023-27043
CVE-2023-27043: add a strict parsing mode to prevent incorrect address interpretation. By default, strict=True is enabled. If you need the legacy behavior, explicitly set strict=False when calling parseaddr or getaddresses - Additionally, strict parsing can be disabled globally by setting the...
USN-7287-1 libcap2 vulnerability
Tianjia Zhang discovered the libcap2 PAM module pam_cap incorrectly handled parsing group names in the configuration file. This could result in certain users being granted capabilities, contrary to expectations...
CVE-2024-45673
IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user...
CVE-2025-27098
GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any...
K000149845: pam_access vulnerability CVE-2024-10963
Security Advisory Description: A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for...
Cisco AsyncOS Input Validation Error Vulnerability (CNVD-2025-03529)
Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. An input validation error vulnerability exists in Cisco AsyncOS, which stems from insufficient validation of an XML configuration file, and can be exploited by an authenticated remote attacker to upload specially crafted files...
SUSE CVE-2024-12798
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
CVE-2024-36081
Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network...
CVE-2024-45718
Sensitive data could be exposed to non-privileged users in a configuration file. Local access to the computer with a low-privileged account is required to access the configuration file containing the sensitive data...
PT-2025-6914
Name of the Vulnerable Software and Affected Versions: libcap (affected versions not specified). Description: The PAM module pam_cap.so of libcap configuration incorrectly recognizes configurations not starting with "@" as group names, potentially leading to unintended users being granted an...
CVE-2024-45718 Sensitive data disclosure vulnerability
Sensitive data could be exposed to non-privileged users in a configuration file. Local access to the computer with a low-privileged account is required to access the configuration file containing the sensitive data...
CVE-2024-45718
The CVE-2024-45718 vulnerability affects SolarWinds Kiwi Syslog Server NG (pre-1.3.1). Local, low-privilege access can reveal sensitive data stored in configuration files to non-privileged users. Impact is data exposure as described; exploitation details aren’t provided. Remediation: upgrade to v...
Siemens SCALANCE Series Input Validation Error Vulnerability
The Siemens SCALANCE Series is a family of industrial communication devices from Siemens Germany. An input validation error vulnerability exists in the Siemens SCALANCE Series, which arises from an affected device not properly validating input when loading a configuration file. This could allow a...