15 matches found
Astra Linux – Vulnerability in Redis
Redis is an open-source, in-memory database that persists data on disk.Authenticated users can trigger a denial-of-service attack by using specially crafted, overly long pattern matching on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matchi...
Astra Linux – Vulnerability in LibreOffice
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint servers. An additional scheme ‘vnd.libreoffice.command’ specific to LibreOffice was added. In the affected versions of LibreOffice, links using this scheme could be used to invoke internal macr...
CVE-2025-58835
Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo bonus-for-woo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bonus for Woo: from n/a through = 7.6.6...
CVE-2023-22088
Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications component: User Management. Supported versions that are affected are 7.4.0 and 7.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ...
CVE-2024-46662
A improper neutralization of special elements used in a command 'command injection' in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to escalation of privilege via specifically crafted packets...
CVE-2025-21544
Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications component: Security. Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ...
UBUNTU-CVE-2024-31227
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users...
Fortra GoAnywhere MFT Security Vulnerability
Fortra GoAnywhere MFT is a secure file transfer solution from Fortra USA. A security vulnerability exists in Fortra GoAnywhere MFT versions prior to 7.4.1. An attacker exploited the vulnerability to bypass authentication in order to create an administrator user through the management portal...
CVE-2023-22088
Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications component: User Management. Supported versions that are affected are 7.4.0 and 7.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ...
CVE-2022-3140
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...
GHSA-M6CJ-93V6-CVR5 Junrar vulnerable to infinite loop via extracting carefully crafted RAR archive
Impact A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users. Patches The problem is partially patched in 7.4.1 Workarounds None References...
Elastic Stack 7.4.1 security update
Logstash Beats input denial of service flaw ESA-2019-14 A denial of service flaw was found in the Logstash beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop...
DotNetNuke Security Bypass Vulnerability
DotNetNuke DNN is a set of U.S. DNN company supported by Microsoft, based on the ASP.NET platform for open source content management system CMS. A security vulnerability exists in the installationwizard in versions of DNN prior to 7.4.1. A remote attacker can exploit the vulnerability by sending ...
Drupal Shibboleth Authentication Module Cross-Site Request Forgery Vulnerability
Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community.Shibboleth Authentication is one of the user login and get access to the authentication module . A cross-site request forgery vulnerability exists in the Drupal Shibboleth...
PowerShell v7.4.1 (x64)
PowerShell v7.4.1 x64...