AZL-57776 CVE-2025-21780 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smusyssetpptable It malicious user provides a small pptable through sysfs and then a bigger pptable, it may cause buffer overflow attack in function smusyssetpptable...

Cisco APIC Multiple Vulnerabilities (cisco-sa-apic-multi-vulns-9ummtg5)

According to its self-reported version, Cisco Application Policy Infrastructure Controller is affected by multiple vulnerabilities. - A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could...

CVE-2025-20119

A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is du...

CVE-2025-20119 Cisco Application Policy Infrastructure Controller Authenticated Local Denial of Service Vulnerability

A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is du...

CVE-2025-20119 Cisco Application Policy Infrastructure Controller Authenticated Local Denial of Service Vulnerability

A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is du...

CVE-2025-20119

CVE-2025-20119 references describe a vulnerability in the Cisco APIC system responsible for handling system file permissions. The root cause is a race condition during system-file operations, which an authenticated, local attacker with valid administrative credentials could exploit to overwrite c...

PT-2025-8734 · Cisco · Cisco Apic

Name of the Vulnerable Software and Affected Versions: Cisco APIC affected versions not specified Description: A vulnerability in the system file permission handling could allow an authenticated, local attacker to overwrite critical system files, causing a DoS condition. The attacker must have...

CVE-2025-1556

A vulnerability, which was classified as problematic, has been found in westboy CicadasCMS 1.0. This issue affects some unknown processing of the file /system of the component Template Management. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has bee...

CicadasCMS 代码问题漏洞

CicadasCMS is a content management framework developed based on SpringBoot Mybatis SpringSecurity Vue by westboy Individual Developer in China. A code issue vulnerability exists in CicadasCMS version 1.0, which stems from a deserialization issue contained in the /system file of the Template...

PT-2025-7530 · Westboy · Cicadascms

Name of the Vulnerable Software and Affected Versions: westboy CicadasCMS version 1.0 Description: A vulnerability has been found in the Template Management component of westboy CicadasCMS, affecting some unknown processing of the file /system. The manipulation leads to deserialization. The attac...

CVE-2024-34521

A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an administrative user to access system files with the file permissions of the privileged system user running the application...

CVE-2024-34521

A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an administrative user to access system files with the file permissions of the privileged system user running the application...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of STR method Only buffer objects are valid return values of STR. If anything else is returned by descriptionshow, it will access invalid memory...

Azure Linux 3.0 Security Update: clamav (CVE-2024-20506)

The version of clamav installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-20506 advisory. - A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior version...

PT-2025-8892

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer overflow issue exists in the Linux kernel, specifically in the drm/amdgpu component. This issue can be triggered when a malicious user provides a small pptable through sysfs and...

CVE-2022-39367

QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files int...

CVE-2024-47769

IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement...

CVE-2024-23459

An Improper Link Resolution Before File Access 'Link Following' vulnerability in Zscaler Client Connector on Mac allows a system file to be overwritten.This issue affects Zscaler Client Connector on Mac : before 3.7...

CVE-2024-6396

A vulnerability in the backuprun function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the runhash and repo.path parameters, which can be manipulated to create an...

CVE-2025-24104

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4. Restoring a maliciously crafted backup file may lead to modification of protected system files...