
22 matches found

Nuclei
added 6 hours ago · 6 views

DataEase 2.10.4-2.10.7 - Remote Code Execution

DataEase prior to version 2.10.8 contains a remote code execution vulnerability caused by insecure backend JDBC link handling, which lets authenticated users execute arbitrary code. Exploitation requires user authentication. id: CVE-2025-32966 info: name: DataEase 2.10.4-2.10.7 - Remote Code Execution author: ChrisJr4...

9.8 CVSS · 6.5 AI score · 0.05147 EPSS
Exploits 1 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2013-0299

Malware in sbrugna...

5 CVSS · 6 AI score · 0.02107 EPSS
Exploits 0 · References 11

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-33782

Malicious code in bioql PyPI...

9.8 CVSS · 9.3 AI score · 0.00747 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-46368

Malicious code in bioql PyPI...

9.8 CVSS · 9.2 AI score · 0.00139 EPSS
Exploits 0 · References 2

Cvelist
added 2024/04/26 3:24 p.m. · 20 views

CVE-2024-32476 Denial of Service via malicious jqPathExpressions in ignoreDifferences

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in versions 2.10.7, 2.9.12 and 2.8.16...

6.5 CVSS · 6.6 AI score · 0.00416 EPSS
Exploits 0 · References 4

Vulnrichment
added 2024/04/26 3:24 p.m. · 14 views

CVE-2024-32476 Denial of Service via malicious jqPathExpressions in ignoreDifferences

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in versions 2.10.7, 2.9.12 and 2.8.16...

6.5 CVSS · 6.8 AI score · 0.00416 EPSS
Exploits 0 · References 4

Vulnrichment
added 2024/04/15 7:52 p.m. · 14 views

CVE-2024-31990 Argo CD's API server does not enforce project sourceNamespaces

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces, which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulnerability is fixed in 2.10.7, 2.9.12, and 2.8.16...

4.8 CVSS · 6.5 AI score · 0.00113 EPSS
Exploits 0 · References 4

CVE
added 2024/04/15 7:52 p.m. · 349 views

CVE-2024-31990

CVE-2024-31990 affects Argo CD: the API server did not enforce project sourceNamespaces, enabling UI-edited resources that should be controlled by gitops. Connected sources confirm this issue in Argo CD and link to fixes in versions 2.10.7, 2.9.12, and 2.8.16. Remediation is upgrading to one of th...

6.3 CVSS · 6.3 AI score · 0.00113 EPSS
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2024/04/15 12:0 a.m. · 2 views

PT-2024-24340 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions:
Argo CD versions prior to 2.10.7
Argo CD versions prior to 2.9.12
Argo CD versions prior to 2.8.16

Description:
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces...

6.3 CVSS · 6.8 AI score · 0.00113 EPSS
Exploits 0 · References 14

Prion
added 2023/09/27 3:19 p.m. · 10 views

Design/Logic Flaw

MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in MeterSphere uses a weak password by default; attackers can log in to VNC and obtain high...

7.5 CVSS · 9.4 AI score · 0.00139 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2023/09/26 10:53 p.m. · 13 views

CVE-2023-41878 Weak password of selenium VNC in MeterSphere

MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in MeterSphere uses a weak password by default; attackers can log in to VNC and obtain high...

4.6 CVSS · 6.9 AI score · 0.00139 EPSS
Exploits 0 · References 2

OSV
added 2023/09/26 10:53 p.m. · 94 views

CVE-2023-41878 Weak password of selenium VNC in MeterSphere

MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in MeterSphere uses a weak password by default; attackers can log in to VNC and obtain high...

4.6 CVSS · 9.1 AI score · 0.00139 EPSS
Exploits 0 · References 4

Debian
added 2022/10/29 8:57 a.m. · 29 views

[SECURITY] [DLA 3168-1] openvswitch security update

Debian LTS Advisory DLA-3168-1 · https://www.debian.org/lts/security/ · Thorsten Alteholz · October 29, 2022 · https://wiki.debian.org/LTS ...

6.1 CVSS · 9.5 AI score · 0.0175 EPSS
Exploits 0

Github Security Blog
added 2022/05/02 4:1 a.m. · 11 views

Zope Cross-site scripting (XSS) vulnerability in ZMI pages

Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...

6.1 CVSS · 6.2 AI score · 0.00635 EPSS
Exploits 0 · References 8 · Affected Software 1

CNVD
added 2020/05/25 12:0 a.m. · 1 views

Aviatrix VPN Client Code Execution Vulnerability

Aviatrix VPN Client is a VPN (Virtual Private Network) client application that provides SAML authentication. A security vulnerability exists in Aviatrix VPN Client versions prior to 2.10.7. An attacker can exploit the vulnerability to execute code...

9.8 CVSS · 7.1 AI score · 0.01174 EPSS
Exploits 1 · References 1

Veracode
added 2019/01/15 9:0 a.m. · 26 views

Arbitrary Code Execution

Pidgin is vulnerable to arbitrary code execution attacks. The vulnerability is a buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 that allows remote servers to execute arbitrary code via a long HTTP header...

6.8 CVSS · 7.6 AI score · 0.01896 EPSS
Exploits 1 · References 10 · Affected Software 1

RedhatCVE
added 2017/08/21 2:48 p.m. · 21 views

CVE-2009-5145

Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...

6.1 CVSS · 1 AI score · 0.00635 EPSS
Exploits 0 · References 1

PyPA
added 2017/08/07 5:29 p.m. · 4 views

PYSEC-2017-148

Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...

6.1 CVSS · 6.2 AI score · 0.00635 EPSS
Exploits 0 · References 9 · Affected Software 1

Tenable Nessus
added 2016/03/16 12:0 a.m. · 49 views

openSUSE Security Update : webkit2gtk3 (openSUSE-2016-340)

This update for webkit2gtk3 fixes the following issues:
- Update to version 2.10.7:
  + Fix the build with GTK+ 3.16.
- Changes from version 2.10.6:
  + Fix a deadlock in the Web Process when JavaScript garbage collector was running for a web worker thread that made google maps to hang.
  + Fix medi...

6.8 CVSS · 6.6 AI score · 0.67873 EPSS
Exploits 2 · References 42

RedHat Linux
added 2013/03/14 4:45 p.m. · 1 views

pidgin: MXit protocol stack-based buffer overflow when processing HTTP headers

Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header...

6.8 CVSS · 6.3 AI score · 0.01896 EPSS
Exploits 1 · References 5