3039 matches found

NVD
added 2025/08/12 6:15 a.m. · 7 views

CVE-2025-3892

ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a maliciou...

CVSS 6.7 · EPSS 0.00136
Exploits 0 · References 1
OSV
added 2025/08/12 6:15 a.m. · 5 views

CVE-2025-30027

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a...

CVSS 6.7 · AI score 6 · EPSS 0.00148
Exploits 0 · References 1
NVD
added 2025/08/12 6:15 a.m. · 2 views

CVE-2025-30027

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a...

CVSS 6.7 · EPSS 0.00148
Exploits 0 · References 1
Cvelist
added 2025/08/12 5:18 a.m. · 7 views

CVE-2025-30027

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a...

CVSS 6.7 · EPSS 0.00148
Exploits 0 · References 1
Vulnrichment
added 2025/08/12 5:18 a.m. · 4 views

CVE-2025-30027

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a...

CVSS 6.7 · AI score 7.8 · EPSS 0.00148
Exploits 0 · References 1
CVE
added 2025/08/12 5:18 a.m. · 16 views

CVE-2025-30027

CVE-2025-30027 affects Axis devices via insufficient input validation in ACAP configuration files, enabling arbitrary code execution. Exploitation requires the device to allow unsigned ACAP apps and a user to install a malicious ACAP application. Impact: high on confidentiality, integrity, and av...

CVSS 6.7 · AI score 7.8 · EPSS 0.00148
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/08/12 5:14 a.m. · 7 views

CVE-2025-3892

ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a maliciou...

CVSS 6.7 · EPSS 0.00136
Exploits 0 · References 1
Vulnrichment
added 2025/08/12 5:14 a.m. · 4 views

CVE-2025-3892

ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a maliciou...

CVSS 6.7 · AI score 7.1 · EPSS 0.00136
Exploits 0 · References 1
CVE
added 2025/08/12 5:14 a.m. · 21 views

CVE-2025-3892

CVE-2025-3892 concerns Axis devices running ACAP; the issue allows elevated privileges when an Axis device is configured to allow unsigned ACAP applications and a malicious ACAP app is installed after user trickery. The CVSS details indicate LOCAL exploitation with HIGH privileges required, high ...

CVSS 6.7 · AI score 7.1 · EPSS 0.00136
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2025/08/12 12:00 a.m. · 4 views

PT-2025-32626 · Axis · Axis

Name of the Vulnerable Software and Affected Versions: Axis affected versions not specified. Description: ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This issue can only be exploited if the Axis device is configured to allow the...

CVSS 6.7 · AI score 6.9 · EPSS 0.00136
Exploits 0 · References 6
Positive Technologies
added 2025/08/12 12:00 a.m. · 4 views

PT-2025-32625 · Axis · Axis

Name of the Vulnerable Software and Affected Versions: Axis affected versions not specified. Description: An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This issue can only be exploited if the Axis device is configured to allow the...

CVSS 6.7 · AI score 7.6 · EPSS 0.00148
Exploits 0 · References 6
Tenable Nessus
added 2025/08/12 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-29532

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB...

CVSS 5.5 · AI score 7.2 · EPSS 0.00185
Exploits 0 · References 2
Veracode
added 2025/08/11 12:17 p.m. · 3 views

Authentication Bypass

Node-SAML is vulnerable to Authentication Bypass. The vulnerability is due to improper signature verification because the library loads assertions from the unsigned original response document instead of the signed portion, allowing attackers with a validly signed document to alter authentication...

CVSS 10 · AI score 7.2 · EPSS 0.00345
Exploits 0 · References 4 · Affected Software 3
Tenable Nessus
added 2025/08/09 12:00 a.m. · 9 views

Linux Distros Unpatched Vulnerability : CVE-2022-49870

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK. Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. T...

CVSS 7.1 · AI score 6.6 · EPSS 0.00185
Exploits 0 · References 3
Tenable Nessus
added 2025/08/09 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-49964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level. Though acpi_find_last_cache_level always returned signed value and the document...

CVSS 5.5 · AI score 5.8 · EPSS 0.00181
Exploits 0 · References 3
Tenable Nessus
added 2025/08/08 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-35039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel...

CVSS 7.8 · AI score 6.7 · EPSS 0.00246
Exploits 0 · References 2
Tenable Nessus
added 2025/08/07 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-22039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix overflow in dacloffset bounds check. The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypa...

CVSS 7.1 · AI score 6.8 · EPSS 0.00242
Exploits 0 · References 3
OSV
added 2025/07/30 8:15 p.m. · 2 views

DEBIAN-CVE-2024-48916

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send a JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...

CVSS 8.1 · AI score 7.5 · EPSS 0.00184
Exploits 0 · References 1
OSV
added 2025/07/30 8:15 p.m. · 4 views

AZL-65996 CVE-2024-48916 affecting package ceph for versions less than 16.2.10-9

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send a JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...

CVSS 8.1 · AI score 5.7 · EPSS 0.00184
Exploits 0 · References 1
OSV
added 2025/07/30 8:15 p.m. · 7 views

AZL-66005 CVE-2024-48916 affecting package ceph for versions less than 18.2.2-10

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send a JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...

CVSS 8.1 · AI score 5.7 · EPSS 0.00184
Exploits 0 · References 1