212 matches found
CVE-2010-20115
Arcane Software’s Vermillion FTP Daemon vftpd versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and...
CVE-2010-20115 Vermillion FTP <= 1.31 Daemon PORT Command Memory Corruption
Arcane Software’s Vermillion FTP Daemon vftpd versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and...
CVE-2010-20115
Vulnerability CVE-2010-20115 affects Vermillion FTP Daemon (vftpd) up to and including version 1.31. Root cause: memory corruption from an out-of-bounds array access during parsing of the FTP PORT command. Impact: potential arbitrary code execution with high confidentiality/integrity/availability...
PT-2025-34309 · Unknown · Vermillion Ftp Daemon
Name of the Vulnerable Software and Affected Versions: Vermillion FTP Daemon vftpd versions through 1.31 Description: The Vermillion FTP Daemon vftpd contains a memory corruption issue triggered by a malformed FTP PORT command. The flaw is due to an out-of-bounds array access during input parsing...
Security update for kernel-livepatch-MICRO-6-0_Update_2
This update for kernel-livepatch-MICRO-6-0Update2 fixes the following issues: CVE-2024-50208: RDMA/bnxtre: Fix a bug while setting up Level-2 PBL pages bsc1233118 CVE-2024-50250: fsdax: daxunshareiter needs to copy entire blocks bsc1233227 CVE-2024-53146: NFSD: prevent a potential integer overflo...
Security update for kernel-livepatch-MICRO-6-0-RT_Update_2
This update for kernel-livepatch-MICRO-6-0-RTUpdate2 fixes the following issues: CVE-2024-50208: RDMA/bnxtre: Fix a bug while setting up Level-2 PBL pages bsc1233118 CVE-2024-50250: fsdax: daxunshareiter needs to copy entire blocks bsc1233227 CVE-2024-53146: NFSD: prevent a potential integer...
Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506002322 fixes several issues. The following security issues were fixed: CVE-2024-53146: NFSD: Prevent a potential integer overflow bsc1234854. CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability bsc1235005. CVE-2024-53173:...
USN-7524-1: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
Ubuntu 24.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-7524-1)
"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7524-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws i...
CVE-2021-27990
Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities...
CVE-2018-21007
The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads...
CVE-2025-3923
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generateuniquestring' due to insufficient randomness of the generated file name. This makes it possible for unauthenticated...
CVE-2025-3861 Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data| due to a misconfigured capability check on the 'pdalitecustompermissioncheck' function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated...
CVE-2025-3861
CVE-2025-3861 affects the WordPress plugin Prevent Direct Access – Protect WordPress Files (versions 2.8.6–2.8.8.2). A misconfigured capability check in pda_lite_custom_permission_check allows authenticated users with Contributor+ privileges to access and modify the protection status of media. At...
CVE-2025-3861 Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data| due to a misconfigured capability check on the 'pdalitecustompermissioncheck' function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated...
PT-2025-17883 · WordPress · Prevent Direct Access – Protect Wordpress Files
Name of the Vulnerable Software and Affected Versions: Prevent Direct Access – Protect WordPress Files plugin versions up to, and including, 2.8.8 Description: The issue allows unauthenticated attackers to extract sensitive data, including files protected by the plugin, due to insufficient...
WordPress plugin Prevent Direct Access 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Prevent Direct Access 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...
USN-7383-2 linux-realtime vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - Drivers core; - Ublk userspace block driver; -...
DEBIAN-CVE-2024-53219
In the Linux kernel, the following vulnerability has been resolved: virtiofs: use pages instead of pointer for kernel direct IO When trying to insert a 10MB kernel module kept in a virtio-fs with cache disabled, the following warning was reported: ------------ cut here ------------ WARNING: CPU: ...