
10 matches found

CVE
added 2026/04/07 4:31 p.m. | 5 views

CVE-2026-35607

CVE-2026-35607 affects File Browser. Before version 2.63.1, a fix that prevented execution rights from being inherited by self-registered users was not applied to the proxy authentication path, causing auto-created proxy-auth users on first successful login to inherit Execute permissions and Comm...

CVSS 8.8 | AI score 6.1 | EPSS 0.0009
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2025/07/23 7:15 p.m. | 3 views

CVE-2025-46686

Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because of insufficient permissions. NOTE: this i...

CVSS 3.5 | AI score 6.4
Exploits: 0 | References: 3
Vulnrichment
added 2022/12/07 10:51 p.m. | 3 views

CVE-2022-23471 containerd CRI stream server: Host memory exhaustion through terminal resize goroutine leak

containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, f...

CVSS 5.7 | AI score 6.7 | EPSS 0.00259
Exploits: 0 | References: 3
OSV
added 2021/03/24 8:15 p.m. | 0 views

CVE-2021-1392

A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because...

CVSS 7.8 | AI score 7.1
Exploits: 0 | References: 1
Vulnrichment
added 2021/03/24 8:7 p.m. | 17 views

CVE-2021-1392 Cisco IOS and IOS XE Software Common Industrial Protocol Privilege Escalation Vulnerability

A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because...

CVSS 7.8 | AI score 7 | EPSS 0.0003
Exploits: 0 | References: 1
Cvelist
added 2021/03/24 8:7 p.m. | 21 views

CVE-2021-1392 Cisco IOS and IOS XE Software Common Industrial Protocol Privilege Escalation Vulnerability

A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because...

CVSS 7.8 | AI score 7.9 | EPSS 0.0003
Exploits: 0 | References: 1
OSV
added 2018/10/17 3:29 p.m. | 1 views

CVE-2018-7924

Anne-AL00 Huawei phones with versions earlier than 8.0.0.151C00 have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information...

CVSS 2.4 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | References: 1
Ubuntu
added 2015/09/24 6:37 p.m. | 69 views

USN-2745-1: QEMU vulnerabilities

Lian Yihan discovered that QEMU incorrectly handled certain payload messages in the VNC display driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2015-5239 Qinghao...

CVSS 7.5 | AI score 7.2 | EPSS 0.10195
Exploits: 1
OSV
added 2010/10/19 8:0 p.m. | 6 views

CVE-2009-5012

ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session...

AI score 6.1
Exploits: 0 | References: 4
securityvulns
added 2001/06/23 12:0 a.m. | 33 views

Caldera Systems security advisory: libcurses, atcronsh, rtpm

Caldera Systems, Inc. Security Advisory Subject: curses library, rtpm, atcronsh Advisory number: CSSA-2001-SCO.1 Issue date: 2001 June, 22 Cross reference: 1. Problem Description A buffer overrun vulnerability has been found in the curses library. A malicious user could attack a setuid,gid comman...

AI score 0.8
Exploits: 0