15 matches found
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk. A vulnerability exists starting from version 2.2, and is related to out-of-bounds reads and integer overflow leading to buffer overflow. This vulnerability is present in versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, the Redis BIT...
Ivanti Avalanche Code Execution Vulnerability
Ivanti Avalanche is an enterprise mobile device management system from Ivanti for managing mobile devices such as smartphones and tablets. A code execution vulnerability exists in Ivanti Avalanche, which stems from an incomplete configuration restriction, and can be exploited by an attacker to...
CVE-2025-32802
Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...
CVE-2025-32801
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...
CVE-2017-13911
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS X El Capitan 10.11.6 Security Update 2018-002, macOS Sierra 10.12.6 Security Update 2018-002, macOS High Sierra 10.13.2...
PT-2025-4766
Name of the Vulnerable Software and Affected Versions Yubico pam-u2f versions prior to 1.3.1 Description The issue allows for an authentication bypass in some configurations, potentially leading to local privilege escalation. An attacker would require access to the system as an unprivileged user...
CVE-2022-3321 Lock WARP switch feature bypass on WARP mobile client for iOS
It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/lock-warp-switch on the WARP iOS mobile client by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in...
Design/Logic Flaw
The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended configuration restrictions and execute arbitrary commands with root privileges by inserting commands in a local configuration dialog in the control panel...
CVE-2017-7977
The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended configuration restrictions and execute arbitrary commands with root privileges by inserting commands in a local configuration dialog in the control panel...
CVE-2017-7977
The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended configuration restrictions and execute arbitrary commands with root privileges by inserting commands in a local configuration dialog in the control panel...
CVE-2017-7977
The CVE affects Unicon Software eLux RP, specifically the Screensavercc component, with impact on versions prior to 5.5.0. An attacker can inject commands through the local configuration dialog in the control panel to bypass configuration restrictions and execute arbitrary commands with root priv...
KLA11372 Multiple vulnerabilities in OpenOffice
Multiple serious vulnerabilities have been found in OpenOffice. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities: Below is a complete list of vulnerabilities: 1. Lack o...
FreeBSD : rssh -- configuration restrictions bypass (a4598875-ec91-11e1-8bd8-0022156e8794)
Derek Martin rssh maintainer reports : John Barber reported a problem where, if the system administrator misconfigures rssh by providing too few access bits in the configuration file, the user will be given default permissions scp to the entire system, potentially circumventing any configured...
Juniper Junos load factory-default Privilege Escalation (PSN-2012-07-646)
According to its self-reported version number, the remote Junos device has a privilege escalation vulnerability. When the 'load factory-default' command fails in exclusive edit mode, the user is no longer subject to any command or configuration restrictions. C Tenable Network Security, Inc...
PHP: Multiple security vulnerabilities
Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version of PHP, or can run stand-alone in a CLI. Description Several security vulnerabilities were found and fixed in version 4.3...