10 matches found
EUVD-2025-35163
ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component...
CVE-2025-11301
A weakness has been identified in Belkin F9K1015 1.00.10. This affects an unknown function of the file /goform/formWlanSetupWPS. This manipulation of the argument webpage causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be...
EUVD-2025-24681
Malicious code in bioql PyPI...
CVE-2024-49731
In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
Linux Kernel ksmbd Session Setup Race Condition Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw exists within the implementation of session setu...
SUSE CVE-2023-32247
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2SESSIONSETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a...
The vulnerabilities of the functions arch_efi_call_virt_setup() and arch_efi_call_virt_teardown() in the arch/arm64/include/asm/efi.h file of the Extensible Firmware Interface (EFI) subsystem of the Linux operating system allow a malicious actor to execute arbitrary code.
The vulnerability of the functions archeficallvirtsetup and archeficallvirtteardown in the arch/arm64/include/asm/efi.h module of the Extensible Firmware Interface EFI subsystem of the Linux operating system is related to insufficient serialization. Exploiting this vulnerability could allow an...
Design/Logic Flaw
In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to bypass factory reset protection due to incorrect UI being shown prior to setup completion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
Atlassian Jira < 3.12.1 Xss In 500 Page
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 3.12.1. It, therefore, has multiple vulnerabilities: - a Cross-site scripting XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML, which is...
Design/Logic Flaw
ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a 1 NVMe or 2 MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an...