311 matches found
PT-2025-24081 · Idf +1 · Idf +1
Name of the Vulnerable Software and Affected Versions: IDF versions 0.10.0-0C03-03 ZLF versions 0.10.0-0C03-04 Description: A configuration error has been detected in cross-origin resource sharing CORS in the affected software. This issue can be exploited by authenticating to the device and...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to improper server configuration that fails to restrict access to sensitive files. An attacker can view sensitive configuration data, including database...
CVE-2024-35116
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335...
CVE-2022-20258
In Bluetooth, there is a possible way to bypass compiler exploit mitigations due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android I...
CVE-2022-45778
https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 = 5.0.4.0 is vulnerable to Incorrect Access Control. There is a permission bypass vulnerability in the Hillstone WEB application firewall. An attacker can enter the background of the firewall with super administrator privileges through a...
CVE-2021-39672
In fastboot, there is a possible secure boot bypass due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-202018701...
CVE-2021-21728
A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This...
CVE-2019-3428
The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users’ information leakage...
CVE-2018-21229
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R7500v2 before 1.0.3.20, R7800 before 1.0.2.38, WN3000RPv3 before 1.0.2.50, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50...
CVE-2025-37876
The CVE-2025-37876 vulnerability affects the Linux kernel netfs subsystem. When CONFIG_NETFS_SUPPORTS=y is set but CONFIG_PROC_FS=n, netfs_init() can create /proc/fs/netfs, causing a kernel oops/BUG in mm/mempool.c and a crash. Root cause: /proc/fs/netfs is created without CONFIG_PROC_FS. Remedia...
PVS configuration wizard error - Unable to communicate with license server
When upgrading the PVS farm to PVS 2402, PVS configuration wizard could not progress further if "Validate license server communication" was checked, displaying an error "Unable to communicate with the license server, or the license server version is not compatible with this version of Citrix...
CVE-2025-27571 Channel metadata visible in archived channels despite configuration setting
Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived...
CVE-2025-31611 WordPress Auto Post After Image Upload plugin <= 1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Shaharia Azam Auto Post After Image Upload auto-post-after-image-upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Post After Image Upload: from n/a through = 1.6...
Mageia: Security Advisory (MGASA-2025-0082)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an integer overflow that could lead to a configuration error...
EulerOS 2.0 SP8 : openssl (EulerOS-SA-2025-1126)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory...
Fedora 41 : llvm-test-suite (2024-6d9aba8c3c)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-6d9aba8c3c advisory. Remove ClamAV subdirectory because of viruses in input files: These were the findings: MultiSource/Applications/ClamAV/inputs/rtf-test/rtf1.rtf:...
CVE-2024-37203 WordPress Laybuy Payment Extension for WooCommerce plugin <= 5.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Laybuy Payment Extension for WooCommerce: from n/a through 5.3.9...
Get-MonitorConfiguration returns an error after DDC/Site upgrade
When admin invokes a cmdlet: Get-MonitorConfiguration, the error is displayed: A database operation failed and could not be recovered : Reason ? CDF Control trace captured on the DDC shows the error: Monitor System Setting 'DisableGoogleAnalytics' exists in the database was loaded but not found i...
EulerOS 2.0 SP12 : openssl (EulerOS-SA-2024-2537)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory...