Astra Linux – Vulnerability in Samba

A flaw was discovered in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users’ passwords, allowing for full domain takeover...

corosync: Stack buffer overflow from 'orf_token_endian_convert'

A flaw was found in Corosync. In affected versions, a stack-based buffer overflow may be triggered via a large UDP packet in configurations where encryption is disabled or if an attacker knows the encryption key. This issue can lead to an application crash or other undefined behavior...

CVE-2025-31489 MinIO performs incomplete signature validation for unsigned-trailer uploads

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...

PT-2024-3766 · Grafana +6 · Grafana +6

Name of the Vulnerable Software and Affected Versions: Grafana versions 9.5.0 through 9.5.17 Grafana versions 10.0.0 through 10.0.12 Grafana versions 10.1.0 through 10.1.8 Grafana versions 10.2.0 through 10.2.5 Grafana versions 10.3.0 through 10.3.4 Description: The issue is related to a Broken...

SUSE CVE-2013-1430

An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file /.vnc/sesman$usernamepasswd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key...

CVE-2022-20377

In TBD of keymasteripc.cpp, there is a possible to force gatekeeper, fingerprint, and faceauth to use a known HMAC key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Androi...

[SECURITY] Fedora 36 Update: golang-contrib-opencensus-resource-0.1.2-7.fc36

Go packages for auto discovery of resource information in various environment s. The resourcekeys packages defines well-known type and label key strings that are used by the other packages...

ALPINE-CVE-2020-8617

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows or successfully guesses the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration doe...

CVE-2018-15576

An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key...

CVE-2017-6766

A vulnerability in the Secure Sockets Layer SSL Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected...

Cisco Firepower System Software Secure Sockets Layer Policy Bypass Vulnerability

A vulnerability in the Secure Sockets Layer SSL Decryption and Inspection feature of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected...

DEBIAN-CVE-2013-1430

An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file /.vnc/sesman$usernamepasswd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key...

UBUNTU-CVE-2013-1430

An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file /.vnc/sesman$usernamepasswd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key...

Cisco UCS Invicta Software Information Disclosure Vulnerability

Cisco UCS Invicta Software is a suite of software from the U.S. company Cisco Cisco that provides application acceleration capabilities. An information disclosure vulnerability exists in Cisco UCS Invicta Software. An attacker could exploit the vulnerability by intercepting communications to...

Mobile Devices C4 OBD2 Dongle Privilege Access Vulnerability (CNVD-2015-05627)

The Mobile Devices aka MDI C4 OBD2 Dongle is a programmable OBD2 solution from the French company Mobile Devices. A security vulnerability exists in the Mobile Devices C4 OBD2 Dongle that arises from different user installers storing the same SSH private key. A remote attacker could exploit the...

Spectris N-Tron 702-W Industrial Wireless Access Point Device Key Vulnerability

The Spectris N-Tron 702-W Industrial Wireless Access Point device is a wireless access point device. The Spectris N-Tron 702-W Industrial Wireless Access Point device has a security vulnerability due to the use of the same SSH and HTTPS private keys during installation by different users. Allowin...