
163 matches found

vulnersOsv
added 2026/05/12 5:49 a.m., 4 views

ml-toolkit-ts (>=1.0.0 <=1.0.3) potentially affected by unknown CVE via @ml-toolkit-ts/xgboost (=1.0.2)

@ml-toolkit-ts/xgboost NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @ml-toolkit-ts/xgboost and may be impacted: - ml-toolkit-ts =1.0.0, =1.0.3 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3602...

AI score: 5.8
Exploits: 0

Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 9 : openssl-3.0.1-43.el9 (AXSA:2022-3967:08)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3967:08 advisory. OpenSSL: X.509 Email Address Buffer Overflow CVE-2022-3602 OpenSSL: X.509 Email Address Variable Length Buffer Overflow CVE-2022-3786 Tenable has...

CVSS: 7.5 | AI score: 8 | EPSS: 0.83506
Exploits: 6 | References: 3

CBLMariner
added 2025/10/28 9:13 p.m., 2 views

CVE-2021-3602 affecting package buildah for versions less than 1.41.4-2

CVE-2021-3602 affecting package buildah for versions less than 1.41.4-2. An upgraded version of the package is available that resolves this issue...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.00165
Exploits: 0

Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2012-3602

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application...

CVSS: 6.8 | AI score: 6.2 | EPSS: 0.01476
Exploits: 0 | References: 2

Circl
added 2025/06/16 2:38 p.m., 8 views

CVE-2025-3602

creationtimestamp | type | source
---|---|---
2025-06-16 14:38:02+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/18449
2025-06-16 15:23:12+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lrqbwovudc2u...

CVSS: 8.7 | AI score: 4.8 | EPSS: 0.00547
Exploits: 0 | References: 2

NVD
added 2025/06/16 2:15 p.m., 7 views

CVE-2025-3602

Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20 does not limit the depth of a GraphQL queries, which allows remote attackers to perform denial-of-service DoS attacks on t...

CVSS: 8.7 | EPSS: 0.00547
Exploits: 0 | References: 1

Cvelist
added 2025/06/16 1:50 p.m., 9 views

CVE-2025-3602

Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20 does not limit the depth of a GraphQL queries, which allows remote attackers to perform denial-of-service DoS attacks on t...

CVSS: 8.7 | EPSS: 0.00547
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:13 a.m., 5 views

CVE-2019-3602

Cross Site Scripting XSS vulnerability in McAfee Network Security Manager NSM Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML...

CVSS: 4.8 | AI score: 5.1 | EPSS: 0.00202
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 7:58 p.m., 6 views

CVE-2007-3602

The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00286
Exploits: 0 | References: 1

SUSE Linux
added 2025/04/22 10:49 a.m., 1 views

Security update for govulncheck-vulndb

This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20250416T165455 2025-04-16T16:54:55Z. jscPED-11136: GO-2025-3595 Update to version 0.0.20250410T162706 2025-04-10T16:27:06Z. jscPED-11136: GO-2025-3601 GO-2025-3602 Patch Instructions: To install this SUSE update...

AI score: 7.4
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/05 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2021-3602

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds e.g. Dockerfile RUN...

CVSS: 5.5 | AI score: 6.3 | EPSS: 0.00165
Exploits: 0 | References: 3

Tenable Nessus
added 2025/03/03 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2011-3602

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Directory traversal vulnerability in device-linux.c in the router advertisement daemon radvd before 1.8.2 allows local users to overwrite arbitrary files, and...

CVSS: 6.4 | AI score: 6 | EPSS: 0.0023
Exploits: 0 | References: 2

OPENSUSE Linux
added 2025/02/07 12:0 a.m., 5 views

python311-cryptography-vectors-44.0.0-1.1 on GA media (moderate)

python311-cryptography-vectors-44.0.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:14740-1 Rating: moderate Cross-References: CVE-2022-3602 CVE-2022-3786 CVSS scores: CVE-2022-3602 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3786 SUSE : 5.9...

CVSS: 8.1 | AI score: 8.7 | EPSS: 0.83506
Exploits: 6

Oracle linux
added 2024/11/22 12:0 a.m., 32 views

edk2 security update

Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.91789
Exploits: 28

Tenable Nessus
added 2024/11/14 12:0 a.m., 16 views

Fedora 37 : openssl (2022-0f1d2e0537)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-0f1d2e0537 advisory. Security fix for CVE-2022-3602 and CVE-2022-3786 Tenable has extracted the preceding description block directly from the Fedora security advisory...

CVSS: 7.5 | AI score: 8 | EPSS: 0.83506
Exploits: 6 | References: 3

Cvelist
added 2024/06/20 2:8 a.m., 19 views

CVE-2024-3602 Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer <= 1.1.0 - Missing Authorization

The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnectpromolayer function in all versions up to, and including, 1.1.0. This...

CVSS: 4.3 | EPSS: 0.00209
Exploits: 0 | References: 3

CVE
added 2024/06/20 2:8 a.m., 44 views

CVE-2024-3602

CVE-2024-3602 – Promolayer popup builder for WordPress is vulnerable to an unauthorized plugin settings update due to a missing capability check in the disconnect_promolayer function in versions up to 1.1.0. This allows authenticated attackers with subscriber access or higher to remove the Promol...

CVSS: 4.3 | AI score: 4.7 | EPSS: 0.00209
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/19 12:0 a.m., 5 views

WordPress Promolayer Plugin <= 1.1.0 is vulnerable to Broken Access Control

Software Promolayer Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3602 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID db7856cf6e2a Credits Lucio Sá Required privilege Subscribe...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00209
Exploits: 0 | References: 3 | Affected Software: 1

CBLMariner
added 2024/04/30 1:31 a.m., 15 views

CVE-2021-3602 affecting package cri-o for versions less than 1.21.7-2

CVE-2021-3602 affecting package cri-o for versions less than 1.21.7-2. A patched version of the package is available...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00165
Exploits: 0

OSSF Malicious Packages
added 2024/01/24 8:23 p.m., 3 views

Malicious code in wlwz-2312-3602 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware da808703d524fdcc6aa062b469243740cb1f96ddce506044463df68479f1bd70 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1