
38 matches found

Tenable Nessus
added 2026/01/19 12:0 a.m. · 1 views

MiracleLinux 8 : python-rtslib-2.1.73-2.el8 (AXEA:2021-1213:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXEA:2021-1213:01 advisory. - Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used, and thus...

7.8 CVSS · 8.4 AI score · 0.00103 EPSS
Exploits 0 · References 2

NVD
added 2025/12/27 12:15 a.m. · 1 views

CVE-2025-66203

StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution RCE vulnerability exists in the stream-vault application SpiritApplication. The application allows administrators to configure yt-dlp arguments via the /admin/api/saveConfig endpoint without...

9.9 CVSS · 0.00542 EPSS
Exploits 1 · References 2

Cvelist
added 2025/12/26 11:37 p.m. · 17 views

CVE-2025-66203 StreamVault is Vulnerable to Authenticated Remote Code Execution (RCE) via ytdlpargs Configuration Injection

StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution RCE vulnerability exists in the stream-vault application SpiritApplication. The application allows administrators to configure yt-dlp arguments via the /admin/api/saveConfig endpoint without...

9.9 CVSS · 0.00542 EPSS
Exploits 1 · References 2

CVE
added 2025/12/26 11:37 p.m. · 11 views

CVE-2025-66203

CVE-2025-66203 affects StreamVault’s SpiritApplication. Prior to version 251126, an RCE exists because administrators can configure yt-dlp arguments via /admin/api/saveConfig without sufficient validation; these arguments are stored globally and later used by YtDlpUtil.java to construct the yt-dl...

9.9 CVSS · 7.1 AI score · 0.00542 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2025/12/26 12:0 a.m. · 1 views

PT-2025-53607

Name of the Vulnerable Software and Affected Versions StreamVault versions prior to 251126 Description StreamVault is a video download integration solution. A Remote Code Execution RCE issue exists in the stream-vault application SpiritApplication. The application does not properly validate...

9.9 CVSS · 7.3 AI score · 0.00542 EPSS
Exploits 1 · References 14

RedhatCVE
added 2025/11/06 7:54 a.m. · 4 views

CVE-2025-12675

The KiotViet Sync plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveConfig function in all versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...

4.3 CVSS · 5.1 AI score · 0.00038 EPSS
Exploits 0 · References 1

NVD
added 2025/11/05 8:15 a.m. · 3 views

CVE-2025-12675

The KiotViet Sync plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveConfig function in all versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...

4.3 CVSS · 0.00038 EPSS
Exploits 0 · References 2

Cvelist
added 2025/11/05 7:27 a.m. · 4 views

CVE-2025-12675 KiotViet Sync <= 1.8.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The KiotViet Sync plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveConfig function in all versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...

4.3 CVSS · 0.00038 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/11/05 7:27 a.m. · 2 views

CVE-2025-12675 KiotViet Sync <= 1.8.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The KiotViet Sync plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveConfig function in all versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...

4.3 CVSS · 4.7 AI score · 0.00038 EPSS
Exploits 0 · References 2

CNNVD
added 2025/11/05 12:0 a.m. · 1 views

WordPress plugin KiotViet Sync security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers. WordPress plugin is an application plugin... A security...

4.3 CVSS · 6.3 AI score · 0.00038 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/11/05 12:0 a.m. · 2 views

PT-2025-45093

Name of the Vulnerable Software and Affected Versions KiotViet Sync plugin for WordPress versions up to and including 1.8.5 Description The KiotViet Sync plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the saveConfig function...

4.3 CVSS · 5.8 AI score · 0.00038 EPSS
Exploits 0 · References 5

Positive Technologies
added 2023/05/30 12:0 a.m. · 1 views

PT-2023-8010 · Ivanti · Ivanti Avalanche Enterpriseserver Service

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche EnterpriseServer Service affected versions not specified Description: The issue is related to an unrestricted file upload vulnerability in the Ivanti Avalanche EnterpriseServer Service, which can be exploited to elevate...

7.8 CVSS · 7.7 AI score · 0.00101 EPSS
Exploits 0 · References 7

SUSE CVE
added 2023/02/15 5:13 a.m. · 2 views

SUSE CVE-2015-7976

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename...

4.3 CVSS · 7.1 AI score · 0.03168 EPSS
Exploits 0 · References 11

SUSE CVE
added 2023/02/15 3:58 a.m. · 1 views

SUSE CVE-2020-14019

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used, and thus permissions are not preserved...

6.2 CVSS · 7 AI score · 0.00103 EPSS
Exploits 0 · References 5

Zero Day Initiative
added 2021/11/18 12:0 a.m. · 19 views

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveConfig method. The...

9.8 CVSS · 8.6 AI score · 0.14401 EPSS
Exploits 0

CNNVD
added 2021/11/10 12:0 a.m. · 1 views

Ivanti Avalanche security vulnerability

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche that could be exploited by a remote attacker to execute arbitra...

6.4 AI score
Exploits 0 · References 1

RedHat Linux
added 2020/12/15 3:4 p.m. · 2 views

python-rtslib: weak permissions for /etc/target/saveconfig.json

A flaw was found in Open-iSCSI rtslib-fb through versions 2.1.72, where it has weak permissions for /etc/target/saveconfig.json because the shutil.copyfile, instead of shutil.copy is used, and permissions are not preserved upon editing. This flaw allows an attacker with prior access to...

7.8 CVSS · 7.1 AI score · 0.00103 EPSS
Exploits 0 · References 4

RedHat Linux
added 2020/11/04 2:15 a.m. · 1 views

python-rtslib: weak permissions for /etc/target/saveconfig.json

A flaw was found in Open-iSCSI rtslib-fb through versions 2.1.72, where it has weak permissions for /etc/target/saveconfig.json because the shutil.copyfile, instead of shutil.copy is used, and permissions are not preserved upon editing. This flaw allows an attacker with prior access to...

7.8 CVSS · 7.1 AI score · 0.00103 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2020/08/10 12:0 a.m. · 17 views

openSUSE Security Update : python-rtslib-fb (openSUSE-2020-1156)

This update for python-rtslib-fb fixes the following issues : - Update to version v2.1.73 bsc1173257 CVE-2020-14019 : - version 2.1.73 - savetofile: fix fd open mode - saveconfig: copy temp configfile with permissions - saveconfig: open the temp configfile with modes set - Fix 'is not' with a...

7.8 CVSS · 7.5 AI score · 0.00103 EPSS
Exploits 0 · References 2

OSV
added 2020/06/19 11:15 a.m. · 0 views

AZL-44778 CVE-2020-14019 affecting package python-rtslib 2.1.fb69-9

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used, and thus permissions are not preserved...

7.8 CVSS · 7.2 AI score · 0.00103 EPSS
Exploits 0 · References 1