7894 matches found
Q-Free MAXTIME Suite 访问控制错误漏洞
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/setup/routes.lua. An...
CVE-2025-21419
Windows Setup Files Cleanup Elevation of Privilege Vulnerability...
CVE-2025-21419
Windows Setup Files Cleanup Elevation of Privilege Vulnerability...
CVE-2025-21419 Windows Setup Files Cleanup Elevation of Privilege Vulnerability
...
CVE-2025-21419 Windows Setup Files Cleanup Elevation of Privilege Vulnerability
...
CVE-2025-21419
CVE-2025-21419 is a Windows Setup cleanup vulnerability that enables local elevation of privilege. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) indicates an attacker with low privileges and local access can achieve high integrity and availability impact, without user interaction. The...
Windows Setup Files Cleanup Elevation of Privilege Vulnerability
...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Fixed sleeping in atomic context due to regmap locking If a device uses the MCP23xxx IO expander to receive IRQs, the following bug can occur: Bug: Sleeping functions called from an invalid context At...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: A fix was made to prevent division by zero in the setupdscconfig function. When sliceheight is 0, the division by sliceheight in the calculation of the number of slices can lead to a division by zero, causing the...
PT-2025-6196 · Mentor Graphics · Modelsim +1
Name of the Vulnerable Software and Affected Versions: ModelSim versions prior to V2025.1 Questa versions prior to V2025.1 Description: A vulnerability has been identified that allows an authenticated local attacker to inject arbitrary code and escalate privileges. This is possible because an...
CVE-2025-25523
Buffer overflow vulnerability in Trendnet TEG-40128 Web Smart Switch v11.00.023 due to the lack of length verification, which is related to the mobile access point setup operation. The attacker can directly control the remote target device by successfully exploiting this vulnerability...
SUSE-SU-2025:20123-1 Security update for cloud-regionsrv-client
This update for cloud-regionsrv-client contains the following fixes: - Update to 10.3.11 bsc1234050 + Send registration code for the extensions, not only base product - Update to 10.3.9: bsc1234050 + Send registration code for the extensions, not only base product - Update to 10.3.8: bsc1233333 +...
The vulnerability of the i40e_xdp_setup() function (drivers/net/ethernet/intel/i40e/i40e_main.c) in the Linux kernel driver for the i40e driver allows a hacker to cause a service failure.
The vulnerability of the i40exdpsetup function drivers/net/ethernet/intel/i40e/i40emain.c in the Linux kernel driver for the i40e chip is related to improper resource locking. Exploiting this vulnerability could allow an attacker to cause a service failure...
Open5GS Denial of Service Vulnerability (CNVD-2025-03200)
Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A security vulnerability exists in Open5GS, which can be exploited to cause a denial of service by an attacker who sends an "Initial Context Setup Failed" message that lac...
Open5GS has an unspecified vulnerability (CNVD-2025-03161)
Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a security vulnerability that can be exploited by an attacker to send an "E-RAB Setup Response" message that lacks the required mmeues1apid' field to...
Open5GS has an unspecified vulnerability (CNVD-2025-03190)
Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A security vulnerability exists in Open5GS, which can be exploited to cause a denial of service by an attacker who sends an "Initial Context Setup Response" message that...
CVE-2024-57279
A reflected Cross-Site Scripting XSS vulnerability has been identified in the LDAP User Manager = ce92321, specifically in the /setup/index.php endpoint via the returnto parameter. This vulnerability arises due to improper sanitization of user-supplied input, allowing an attacker to inject...
CVE-2021-41527 2FA bypass on the RISC Platform
An error related to the 2-factor authorization 2FA on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to bypass the 2FA. The vulnerability requires that the 2FA setup hasn’t been completed...
CVE-2025-24642
Missing Authorization vulnerability in theme funda Setup Default Featured Image setup-default-feature-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Setup Default Featured Image: from n/a through = 1.2...
Prototype Pollution
Overview org.webjars.npm:vxe-table is an A PC form/table component based on Vue , supporting add, delete, modify, query, virtual tree, drag and drop sorting, lazy loading, shortcut menu, data validation, import/export/print, form rendering, custom templates, renderer, JSON configuration. Affected...