21307 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-7467
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this...
Linux Distros Unpatched Vulnerability : CVE-2018-1000164
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in process_headers function in...
Linux Distros Unpatched Vulnerability : CVE-2019-14235
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri...
Linux Distros Unpatched Vulnerability : CVE-2015-4598
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or...
Linux Distros Unpatched Vulnerability : CVE-2017-0899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem...
Linux Distros Unpatched Vulnerability : CVE-2021-29155
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading ...
PT-2025-9682
Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.12 Rack versions prior to 3.0.13 Rack versions prior to 3.1.11 Description The issue concerns the Rack::Sendfile middleware, which logs unsanitised header values from the X-Sendfile-Type header. An attacker can explo...
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...
Linux Distros Unpatched Vulnerability : CVE-2015-0251
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafte...
OPENSUSE-SU-2025:0081-1 Security update for phpMyAdmin
This update for phpMyAdmin fixes the following issues: Update to version 5.2.2: - CVE-2025-24530: XSS in the 'Check Tables' feature (bsc#1236312). - CVE-2025-24529: XSS in the 'Insert' tab (bsc#1236311). - CVE-2024-2961: glibc/iconv: out-of-bounds writes when writing escape sequences (bsc#1222992). -...
Directory Traversal
Overview oxidized-web is a puma+sinatra+haml webUI + REST API for oxidized Affected versions of this package are vulnerable to Directory Traversal through the RANCID migration page. An attacker can gain control over the Linux user account running the application by exploiting this vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2006-4573
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple unspecified vulnerabilities in the utf8 combining characters handling (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted...
Linux Distros Unpatched Vulnerability : CVE-2011-2725
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences i...
Linux Distros Unpatched Vulnerability : CVE-2009-3560
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denia...
Security update for phpMyAdmin (important)
openSUSE Security Update: Security update for phpMyAdmin Announcement ID: openSUSE-SU-2025:0081-1 Rating: important References: 1222992 1236311 1236312 1238159 Cross-References: CVE-2023-30536 CVE-2024-2961 CVE-2025-24529 CVE-2025-24530 CVSS scores: CVE-2024-2961 SUSE: 8.2...
Linux Distros Unpatched Vulnerability : CVE-2010-0926
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticat...
CVE-2025-27413
PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal (../) sequences. This is problematic for the template update functionality as it uses the path from the...
CVE-2025-0823
IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system...
CVE-2025-26326
A vulnerability was identified in the NVDA Remote version 2.6.4 and Tele NVDA Remote version 2025.3.3 remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered ...
CVE-2024-54169
IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system...