OSEC-2026-09 Albatross-console memory exhaustion

Albatross-console doesn't properly terminate when looping over the ringbuffer. This leads to denial of service and memory exhaustion. Scenario A user that has access to albatross-console either via the unix domain socket requires root:albatross by default or via albatross-tls-endpoint requires a...

GHSA-M83Q-5WR4-4GFP SFTPGo improperly sanitizes placeholders in group home directories/key prefixes

Impact SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using placeholders like %username%, the value replacing the...

CVE-2021-22771

A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution...

CVE-2021-22770

A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information...

Design/Logic Flaw

A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution...

CVE-2021-22771

A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution...

CVE-2021-22771

CVE-2021-22771 affects Schneider Electric’s Easergy T300 (firmware ≤ 2.7.1). The root cause is an improper neutralization of formula elements in a CSV file, enabling arbitrary command execution. Affected product/version details are confirmed by multiple sources (NVD, Red Hat, CVE lists, CNNVD). T...

CVE-2021-22770

The CVE-2021-22770 entry concerns Schneider Electric’s Easergy T300 remote terminal unit. Affected firmware: v2.7.1 and older. Root cause: information exposure due to inadequate data access checks, allowing an actor not explicitly authorized to access sensitive information. Documented impact: dat...

CVE-2021-22769

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted...

Design/Logic Flaw

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted...

AnswerScript 2.7.1 Cross Site Scripting

======================================================================== | Title : AnswerScript v2.7.1 XSS vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 8.1 FranASSais V.Pro | Version : v2.7.1 | Vendor :...

v2. 7. 1 The following version of the Git in the presence of vulnerabilities, or may lead to remote code execution-vulnerability warning-the black bar safety net

It is understood that the security researchers in 2. 7. 1 version before all versions of the Git found a security vulnerability in its server and client are the presence of this vulnerability. An attacker can exploit this vulnerability to cause the target system to a buffer overflow, resulting in...

Security fix for the ALT Linux 5 package pidgin-mini version 2.7.1-alt1

June 13, 2010 Slava Semushin 2.7.1-alt1 - Updated to 2.7.1 + CVE-2010-0013: MSN local file disclosure vulnerability + CVE-2010-0277: remote MSN SLP crash + CVE-2010-0420: remote Finch XMPP crash + CVE-2010-0423: remote smiley freeze/CPU pegging DoS + CVE-2010-1624: MSN emoticon DoS - Added...

cP Creator v2.7.1 Remote Sql Injection

No description provided by source. !/usr/bin/python cP Creator v2.7.1 Remote Sql Injection AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : http://IrCrash.com - Coming Soon Again My Official WebSite : http://R3dW0rm.ir IRCRASH Team Members : Khashayar Fereidan...

cP Creator 2.7.1 - SQL Injection

!/usr/bin/python cP Creator v2.7.1 Remote Sql Injection AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : http://IrCrash.com - Coming Soon Again My Official WebSite : http://R3dW0rm.ir IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina Yazdanmehr Downlo...