Important Photon OS Security Update - PHSA-2026-5.0-0735
Updates of 'linux-esx', 'linux' packages of Photon OS have been released...
ECHO-0735-92E2-78FF
Bulletin has no description...
TencentOS Server 2: openssl (TSSA-2023:0334)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0334 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
CVE-2024-0735
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. Affected by this issue is the function exec of the file admin/operations/expense.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit...
CVE-2020-0735
An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0666, CVE-2020-0667, CVE-2020-0752...
Linux Distros Unpatched Vulnerability : CVE-2018-0735
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm...
edk2 security update
Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...
CVE-2024-0735
creationtimestamp | type | source
---|---|---
2024-01-25 17:17:15+00:00 | seen | https://t.me/ctinow/173585
2024-02-15 09:46:58+00:00 | seen | https://t.me/ctinow/185371
...
CVE-2024-0735
CVE-2024-0735 affects SourceCodester Online Tours & Travels Management System 1.0. The vulnerability resides in the exec function of admin/operations/expense.php, enabling SQL injection. It can be triggered remotely and has public exploit disclosure (VDB-251558). Connected documents corroborate t...
CVE-2024-0735 SourceCodester Online Tours & Travels Management System expense.php exec sql injection
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. Affected by this issue is the function exec of the file admin/operations/expense.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit...
edk2 security update
20230821 - Create new 20230821 release for OL7 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450...
edk2 security update
20230821 - Create new 20230821 release for OL9 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450...
Rocky Linux 8 : nodejs:10 (RLSA-2021:0735)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0735 advisory. - Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an...
Oracle Linux 8 : openssl (ELSA-2019-3700)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3700 advisory. 1.1.1c-2 - do not try to use EC groups disallowed in FIPS mode in TLS - fix Valgrind regression with constant-time code 1.1.1c-1 - update to the 1.1.1c...
K43741620: OpenSSL vulnerabilities CVE-2018-0734 and CVE-2018-0735
Security Advisory Description CVE-2018-0734 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a Affected 1.1.1. Fixed in OpenSSL 1.1.0j...
CVE-2023-0735
creationtimestamp | type | source
---|---|---
2023-02-08 02:23:36+00:00 | seen | https://t.me/cibsecurity/57733
...
CVE-2023-0735 Cross-Site Request Forgery (CSRF) in wallabag/wallabag
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4...
CVE-2023-0735
CVE-2023-0735 is a CSRF vulnerability in wallabag/wallabag, present in versions prior to 2.5.4. Connected documents specify the root cause as a lack of validations in the account/delete functionality, enabling attacker‑initiated actions on behalf of an authenticated user. The sources consistently...
CVE-2021-0735
CVE-2021-0735 affects Android 13, where a missing permission check in PackageManager allows information disclosure about installed packages without extra privileges. Vulnerable component: PackageManager; root cause: failure to enforce Android 11+ limitations, enabling local information disclosure...
CVE-2022-0735
CVE-2022-0735 — GitLab CE/EE information disclosure: Affects GitLab CE/EE versions 12.10–before 14.6.5, 14.7–before 14.7.4, and 14.8–before 14.8.2. An unauthorized user could disclose runner registration tokens via an information-disclosure vulnerability triggered by quick actions commands, enab...