MidnightBSD

Advisories for unicon-software

CVE-2017-14124 LOW

In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when classic desktop mode is used, it is possible to start applications other than defined, even if the user does not have permissions to change application definitions.

CVSS 2.0

Severity: LOW

Problem Type: CWE-269,

Products Affected

Vendor Product Version
unicon-software rp 5.4.0
unicon-software rp 4.8.0
unicon-software rp 5.3.0
unicon-software rp 4.5.0
unicon-software rp 4.7.0
unicon-software rp 5.4.1
unicon-software rp 5.2.0
unicon-software rp 4.10.0
unicon-software rp 5.0.0
unicon-software rp 4.11.3
unicon-software rp 4.0.1
unicon-software rp 4.11.0
unicon-software rp 4.6.0
unicon-software rp 5.1.0
unicon-software rp 4.4.0
unicon-software rp 4.7.1
unicon-software rp 4.9.0
unicon-software rp 4.2
unicon-software rp 4.11.1
unicon-software rp 4.11.5
unicon-software rp *
CVE-2017-7977 HIGH

The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended configuration restrictions and execute arbitrary commands with root privileges by inserting commands in a local configuration dialog in the control panel.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
unicon-software elux *