news.russia.network | Published Advisories

ZDI-25-206: Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Amazon AWS. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8...

ПОДРОБНЕЕ

ZDI-25-205: Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability

ПОДРОБНЕЕ

ZDI-25-204: GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-2761...

ПОДРОБНЕЕ

ZDI-25-203: GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability

ПОДРОБНЕЕ

ZDI-25-202: Fortinet FortiWeb cgi_xmlprotection_xmlschemafile_post Directory Traversal Arbitrary File Write Vulnerability

This vulnerability allows remote attackers to create arbitrary XML schema files on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.5. The following CVEs are assigned: CVE-2024-55597...

ПОДРОБНЕЕ

ZDI-25-201: Trend Micro Cleaner One Pro Link Following Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Cleaner One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally, the vulnerability is triggered only when an administrator performs an install of the product. The ZDI has assigned a CVSS rating of 4.4. The following CVEs are assigned: CVE-2025-27529...

ПОДРОБНЕЕ

ZDI-25-200: Exim Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Exim. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-30232...

ПОДРОБНЕЕ