36 matches found
Astra Linux - vulnerability in openssh
In OpenSSH 6.2 through 8.x, prior to version 8.8, when certain non-default configurations were used, privilege escalation could occur because supplementary groups were not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand might run with privileges...
Sage DPW security vulnerability
Sage DPW is a human resources system developed by the British company Sage. Version Sage DPW 202506004 contains security vulnerabilities. These vulnerabilities stem from non-default configurations that allow unverified access to diagnostic endpoints, potentially exposing sensitive information suc...
CVE-2025-66443
Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service...
EUVD-2017-0719
Malware in sbrugna...
EUVD-2025-29071
Malicious code in bioql PyPI...
CVE-2025-43922
The FileWave Windows client before 16.0.0, in some non-default configurations, allows an unprivileged local user to escalate privileges to SYSTEM...
FileWave Windows client security vulnerability
FileWave Windows client is an end-to-end management software client from FileWave Switzerland. A security vulnerability exists in FileWave Windows client versions prior to 16.0.0, which stems from certain non-default configurations that could cause a local user to elevate privileges to SYSTEM...
SUSE CVE-2024-49506
Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem...
PT-2024-24265 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 11.1 and 11.5. Description: The issue is a denial of service under specific non-default configurations, where the server may crash when using a specially crafted SQL...
Vulnerability in OpenSSL - Unbounded memory growth with session handling in TLSv1.3
Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in...
Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]
As part of our continuing research project into managed file transfer risk, including JSCAPE MFT and Fortra Globalscape EFT Server, Rapid7 discovered several vulnerabilities in South River Technologies’ Titan MFT and Titan SFTP servers. Although these require unusual circumstances or non-default...
CVE-2023-23470
IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional...
Apache Log4j2 Deserialization of Untrusted Data Vulnerability
Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations...
GHSA-FPPQ-MJ76-FPJ2 fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Impact: A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable FLUENT_OJ_OPTION_MODE is explicitly set to object...
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2022-2524)
The remote host is missing an update for the Huawei EulerOS...
Vulnerabilities in OpenSSH affect AIX.
IBM SECURITY ADVISORY First Issued: Thu Jan 6 09:17:41 CST 2022 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/opensshadvisory14.asc https://aix.software.ibm.com/aix/efixes/security/opensshadvisory14.asc...
Security Bulletin: A vulnerability in Apache Log4j (CVE-2021-45046) impacts IBM® QRadar User Behavior Analytics add on to IBM® QRadar SIEM.
Summary: There is a vulnerability in Apache Log4j which is used by IBM® QRadar User Behavior Analytics (UBA) to log system events. Vulnerability Details: CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain...
USN-5197-1 apache-log4j2 vulnerability
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. An attacker could use this vulnerability to cause a denial of service. Please see the following link for more information:...
Denial Of Service (DoS)
log4j-core is vulnerable to denial of service (DoS). The vulnerability exists because previous mitigation for CVE-2021-44228 is incomplete in certain non-default configurations. An attacker can send a malicious Thread Context Map (MDC) input data in JNDI Lookup pattern using a non-default Pattern...