10 matches found
CVE-2026-32964
The affected products are SD-330AC and AMC Manager by Silex Technology, Inc. The vulnerability is a CRLF Injection due to improper neutralization, where processing crafted configuration data can cause arbitrary entries to be injected into the system configuration. This is the root cause and the p...
PT-2026-33702
SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences 'CRLF Injection' vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration...
CVE-2026-4325 Keycloak: keycloak: replay of action tokens via improper handling of single-use entries
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...
CVE-2026-4325
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...
Sudoedit Extra Arguments Privilege Escalation Exploit
This exploit takes advantage of a vulnerability in sudoedit, part of the sudo package. The sudoedit aka sudo -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of...
MGASA-2023-0025 Updated sudo packages fix security vulnerability
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
Design/Logic Flaw
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
Hardcoded credentials
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values CSV file. This can be used by attackers to hide data in the Graphical User Interface GUI view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' a...
Cisco Firepower Threat Defense Log Modification Vulnerability
Cisco Firepower is a firewall device developed by Cisco. A security vulnerability in the Cisco Firepower Threat Defense logging subsystem allows an unauthenticated remote attacker to exploit the vulnerability to add arbitrary entries to the logging system...
Cisco Firepower Device Manager Arbitrary Audit Log Entry Vulnerability
A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense FTD Firepower Device Manager FDM could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log. The vulnerability is due to inadequate input validation. An attacker could exploit this...