213 matches found
CLSA-2025-1759433716 samba: Fix of CVE-2020-25717
CVE-2020-25717: Adapt CVE's patch to Centos 6 based systems where regular user id starts from 500, so change the default value of the new config parameters added: "min domain uid" to 500...
Configure a Proper Value for MaxAuthTries
MaxAuthTries indicates the maximum number of user authentication failures allowed in a single connection. If the number of user authentication failures exceeds the value, the connection is automatically disconnected. You are advised to set this field to a value less than or equal to 3. If this...
Configure a Proper Value for LoginGraceTime
LoginGraceTime is used to limit the login time of a user. If a user does not complete the login within the time specified by LoginGraceTime, the connection is automatically disconnected. You are advised to set this field to a value less than or equal to 60, in seconds. If this field is set to a...
Google Android Information Disclosure Vulnerability (CNVD-2025-23028)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by an insecure default value flaw in the generateRandomPasword function in LocalBluetoothLeBroadcast.java. An attacker can exploit the leak to obtai...
CVE-2025-48563
In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-32330
In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is not...
CVE-2025-32330
In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is not...
PT-2025-36082
Name of the Vulnerable Software and Affected Versions: RemoteFillService.java affected versions not specified Description: The RemoteFillService.java component contains a flaw in the onNullBinding function related to an insecure default value. This can result in unauthorized background activity...
CVE-2025-5383
A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Article Management Module. The manipulation of the argument Default Value leads to cross site scripting. The attack may be launched remotely. Th...
Yifang CMS 安全漏洞
Yifang CMS is a PHP enterprise website development and construction management system from China Yifang Company. A security vulnerability exists in Yifang CMS 2.0.2 and earlier versions, which stems from a cross-site scripting attack due to incorrect operation of the parameter Default Value...
CVE-2024-44096
there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-44099
There is a possible Local bypass of user interaction due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-47016
there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2022-43120
A cross-site scripting XSS vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field...
CVE-2022-20342
In WiFi, there is a possible disclosure of WiFi password to the end user due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID...
CVE-2021-0468
In LK, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation.Product:...
CVE-2020-0271
In the Settings app, there is an insecure default value. This could lead to local escalation of privilege and tapjacking with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144507081...
CVE-2020-0416
In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9...
Configure a Proper Value for audit_backlog_limit
auditbackloglimit sets the buffer queue length for audit events awaiting transfer to the audit service. The default value is 64. If the queue is full, audit events are discarded and an alarm log is generated, indicating that the queue is full. If the value is too small, audit events may be lost. ...
Configure a Proper Value for LoginGraceTime
LoginGraceTime is used to limit the login time of a user. If a user does not complete the login within the time specified by LoginGraceTime, the connection is automatically disconnected. You are advised to set this field to a value less than or equal to 60, in seconds. If this field is set to a...