Amazon Linux 2 : docker, --advisory ALAS2ECS-2025-090 (ALASECS-2025-090)
The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-090 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the progr...
Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2025-090 (ALASDOCKER-2025-090)
The version of soci-snapshotter installed on the remote host is prior to 0.12.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-090 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs. An excluded subdomain constraint...
Slackware Linux 15.0 / current ruby Multiple Vulnerabilities (SSA:2023-090-01)
The version of ruby installed on the remote host is prior to 3.0.6 / 3.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-090-01 advisory. - A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles...
Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2023-090)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-090 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
CVE-2022-21202 ICSA-22-090-03 Fuji Electric Alpha5
The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information...
CVE-2022-24383 ICSA-22-090-03 Fuji Electric Alpha5
The affected product is vulnerable to an out-of-bounds read, which may result in code execution...
CVE-2022-21228 ICSA-22-090-03 Fuji Electric Alpha5
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code...
CVE-2022-21214 ICSA-22-090-03 Fuji Electric Alpha5
The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution...
CVE-2022-21168 ICSA-22-090-03 Fuji Electric Alpha5
The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure...
CVE-2022-1161 ICSA-22-090-05 Rockwell Automation Logix Controllers
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to chang...
Mitsubishi Electric FA Products
1. EXECUTIVE SUMMARY: CVSS v3 7.4; ATTENTION: Exploitable remotely; Vendor: Mitsubishi Electric; Equipment: FA products; Vulnerabilities: Use of Password Hash Instead of Password for Authentication, Use of Weak Hash, Cleartext Storage of Sensitive Information, Authentication Bypass by Capture-replay...
GitHub Security Lab: [GO]: [CWE-090: LDAP Injection All For One]
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Python] CWE-090: LDAP Injection
This bug was reported directly to GitHub Security Lab...
CVE-2020-6760
CVE-2020-6760 affects the Schmid ZI 620 V400 VPN 090 router. The vulnerability allows an attacker to execute OS commands as root by submitting shell metacharacters to an entry on the SSH subcommand menu, demonstrated by an example like ping. This is a network-based injection risk, with the impact...
CVE-2020-6760
Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping...
Webform Multiple File Upload - Critical - Unsupported - SA-CONTRIB-2019-090
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported...
MS15-090: Vulnerabilities in Windows could allow elevation of privilege: August 11, 2015
Summary: To learn more about the vulnerability, see Microsoft Security Bulletin MS15-090. More Information: Important: All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows...
Feedback Collect - Moderately critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-090
This module enables you to add feedback forms and gather end user feedback, bug reports or any kind of suggestions. The module doesn't sufficiently filter output of its own fields under the scenario of creating or editing feedback-collect content types. This vulnerability is mitigated by the fact...
Microsoft Windows Win32k Elevation of Privilege (MS16-090: CVE-2016-3250)
An elevation of privilege vulnerability exists in Microsoft Windows Win32k. A remote attacker can bypass a security check in win32k to load a custom font from an arbitrary file on disk. Successful exploitation could allow an attacker to run arbitrary code with elevated privileges...