76 matches found

OSV · added 2025/05/06 5:16 p.m. · 2 views

DEBIAN-CVE-2025-32022

Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so this bug affects...

CVSS 4.6 · AI score 5.7 · EPSS 0.00123
Exploits 0 · References 1
OSV · added 2025/04/01 3:16 p.m. · 5 views

DEBIAN-CVE-2025-30224

MyDumper is a MySQL Logical Backup Tool. The MySQL C client library libmysqlclient allows authenticated remote actors to read arbitrary files from client systems via a crafted server response to LOAD LOCAL INFILE query, leading to sensitive information disclosure when clients connect to untrusted...

CVSS 5.1 · AI score 5.7 · EPSS 0.00657
Exploits 0 · References 1
OSV · added 2025/03/27 5:15 p.m. · 3 views

DEBIAN-CVE-2023-53011

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: enable all safety features by default In the original implementation of dwmac5 commit 8bf993a5877e "net: stmmac: Add support for DWMAC5 and implement Safety Features" all safety features were enabled by default. Late...

CVSS 5.5 · AI score 5.2 · EPSS 0.00174
Exploits 0 · References 1
CNNVD · added 2024/11/14 12:00 a.m. · 3 views

Baxter Life2000 security vulnerability

Baxter Life2000 is a mask-less non-invasive ventilator from Baxter. A security vulnerability exists in Baxter Life2000 version 06.08.00.00 and prior versions, which originated when enabled by default, that allows sending and receiving of unencrypted messages, which could result in unauthorized...

CVSS 9.3 · AI score 6.2 · EPSS 0.00221
Exploits 0 · References 2
OSV · added 2024/10/23 4:15 p.m. · 2 views

CVE-2024-30124

HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously...

CVSS 4 · AI score 5.8 · EPSS 0.00166
Exploits 0 · References 1
Japan Vulnerability Notes · added 2024/09/30 3:46 a.m. · 2 views

SNMP service is enabled by default in Sharp NEC Display Solutions projectors

Overview Multiple projectors provided by Sharp NEC Display Solutions, Ltd. are configured with the SNMP service enabled by default, and can therefore be accessed by specifying the SNMP community name "public" (CWE-1242, CVE-2024-7011). The SNMP service enable/disable configuration cannot be changed on the manageme...

CVSS 6.5 · AI score 6.6 · EPSS 0.00306
Exploits 0 · References 4
OSV · added 2024/08/18 9:31 p.m. · 1 view

GHSA-HXWH-JPP2-84PM Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security...

CVSS 8.7 · AI score 5.8 · EPSS 0.00677
Exploits 1 · References 12
OSV · added 2024/07/09 6:15 p.m. · 2 views

CVE-2024-6222

In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/4290 fixes the...

CVSS 7 · AI score 5.8 · EPSS 0.00557
Exploits 0 · References 1
CNNVD · added 2024/05/01 12:00 a.m. · 4 views

LoMag WareHouse Management security vulnerability

LoMag WareHouse Management is a warehouse management software from LoMag. A security vulnerability exists in LoMag WareHouse Management version 1.0.20.120 and prior versions, which stems from a 10-character hard-coded password that is allowed by default...

CVSS 8.1 · AI score 6.9 · EPSS 0.0087
Exploits 4 · References 2
SUSE CVE · added 2024/03/28 4:13 a.m. · 3 views

SUSE CVE-2024-30204

In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments...

CVSS 2.8 · AI score 8.3 · EPSS 0.00475
Exploits 0 · References 7
OSV · added 2024/03/25 3:15 p.m. · 0 views

DEBIAN-CVE-2024-30204

In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments...

CVSS 2.8 · AI score 5.8 · EPSS 0.00475
Exploits 0 · References 1
Vulnrichment · added 2023/03/13 8:29 p.m. · 6 views

CVE-2023-0345

The Akuvox E11 secure shell SSH server is enabled by default and can be accessed by the root user. This password cannot be changed by the user...

CVSS 9.8 · AI score 7.2 · EPSS 0.00668
Exploits 0 · References 1
Positive Technologies · added 2023/02/23 12:00 a.m. · 3 views

PT-2023-15718 · Jetbrains · Jetbrains Teamcity +1

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2022.10.2 Description: The issue concerns JetBrains TeamCity, where jVMTI was enabled by default on agents. Recommendations: For versions prior to 2022.10.2, update to version 2022.10.2 or later to resolve...

CVSS 9.8 · AI score 9.4 · EPSS 0.00314
Exploits 0 · References 4
SUSE CVE · added 2023/02/15 4:26 a.m. · 3 views

SUSE CVE-2018-12539

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on...

CVSS 8.4 · AI score 8.1 · EPSS 0.00494
Exploits 0 · References 12
CNNVD · added 2022/12/26 12:00 a.m. · 3 views

Directus security vulnerability

Directus is a real-time API and application dashboard. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 9.7.0 that stems from the default setting of CORSORIGIN and CORSENABLED to true...

CVSS 9.8 · AI score 8.2 · EPSS 0.00927
Exploits 0 · References 6
Snyk · added 2022/11/23 11:46 a.m. · 2 views

Arbitrary Command Execution

Overview Affected versions of this package are vulnerable to Arbitrary Command Execution via the customGitFetch feature, which is enabled by default. Remediation Upgrade github.com/sourcegraph/sourcegraph-public-snapshot/cmd/gitserver/server to version 4.1.0 or higher. References - GitHub Commit ...

CVSS 9 · AI score 7.2 · EPSS 0.00902
Exploits 0 · References 2
OSV · added 2021/10/27 1:15 a.m. · 3 views

CVE-2021-35235

The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely...

CVSS 5.3 · AI score 5.8 · EPSS 0.01235
Exploits 0 · References 2
VulnCheck KEV · added 2021/06/04 12:00 a.m. · 4 views

VulnCheck KEV: CVE-2021-21985

VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution...

CVSS 10 · AI score 7.7 · EPSS 0.99999
Exploits 13 · References 1
CNNVD · added 2021/04/12 12:00 a.m. · 3 views

D-Link DIR-802 operating system command injection vulnerability

The D-Link DIR-802 is a wireless router from AUO D-Link in Taiwan, China. A command injection vulnerability exists in the D-Link DIR-802 A1 1.00b05 and earlier versions, which stems from the system default of enabling Universal Plug and Play on port 1900. An attacker can exploit this vulnerabilit...

CVSS 8.8 · AI score 5.8 · EPSS 0.035
Exploits 1 · References 4
OSV · added 2020/08/21 7:15 p.m. · 2 views

CVE-2019-11855

An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9...

CVSS 9.8 · AI score 7.3 · EPSS 0.01245
Exploits 0 · References 1