22 matches found
EUVD-2001-0888
Malware in sbrugna...
Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below
CVE-2025-27591 – Privilege Escalation in Below 1 Introduct...
PT-2025-33684 · Totolink · Totolink A3002Ru
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R version 4.0.0-B20230531.1404 Description: The device contains insecure credentials for the telnet service and root account. Recommendations: Change the default credentials for the telnet service and root account...
Alibaba Cloud Linux 3 : 0110: container-tools:rhel8 (ALINUX3-SA-2022:0110)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0110 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-5736: runc through 1.0-rc6, as us...
CVE-2025-1143
CVE-2025-1143 affects Billion Electric routers (M100, M150, M120N). Public records describe hard-coded embedded Linux credentials in the SSH service, allowing an attacker with local access to log in and obtain root privileges. The CVSS 3.1 vector indicates local access, low attack complexity, and...
VMware Spring Framework Security Vulnerability
VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework. An attacker can exploit the vulnerability to read files outside of the servi...
SaltStack Salt Security Vulnerability
SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt that stems from an attacker being able to traverse a directory in order to...
Aruba AOS-CX Path Traversal Vulnerability
Aruba AOS-CX is a modern programmable network from Aruba, USA. A security vulnerability exists in Aruba OS AOS-CX that stems from the lack of effective filtering in the software for user-submitted path parameters. An attacker could use this vulnerability to traverse the directory of the AOS-CX in...
Sonatype Nexus Repository Manager IQ Path Traversal Vulnerability
Sonatype Nexus Repository Manager IQ is a Sonatype open source application. The policy management and component intelligence features for IQ Server are integrated with the agent repository in Nexus Repository Manager Pro. A security vulnerability exists in Sonatype Nexus Repository Manager IQ. An...
Django Path Traversal Vulnerability
Django is the Django Foundation's open source Web application framework based on the Python language. The framework includes an object-oriented mapper, view system, template system and so on. Django has a path traversal vulnerability that can be exploited by an attacker to traverse a...
5aces-service-registry (=1.0.1), 5aces-service-root (>=1.0.1 <=1.0.3) +964 more potentially affected by CVE-2017-16024 via sync-exec (>=0.3.2 <=0.6.2)
sync-exec NPM version =0.3.2, =1.0.1, =3.0.0, =3.2.0, =1.0.0, =1.0.0, =1.0.0, =0.1.5, =2.3.5, =0.1.12-alpha.0, =0.0.2, =0.0.3 and more Source cves: CVE-2017-16024 Source advisory: OSV:GHSA-38H8-X697-GH8Q...
CVE-2018-16836
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI...
Directory traversal
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI...
CVE-2018-10361
An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service as utilized in the Kate text editor can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one use...
Ubuntu Apport - Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits Source: http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/ Problem description: On Ubuntu Vivid Linux distribution apport is used for automated sending of client program crash dumps but also of kernel crash...
Ubuntu: Security Advisory (USN-1286-1)
The remote host is missing an update for the...
Debian DSA-312-1 : kernel-patch-2.4.18-powerpc - several vulnerabilities
A number of vulnerabilities have been discovered in the Linux kernel. CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface lcall. CAN-2003-0001: Multiple...
CVE-2003-0959
Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments...
DSA-311 linux-kernel-2.4.18 - several vulnerabilities
Bulletin has no description...