MINI-WQPM-3666-MVPV
pypdf vulnerable to inefficient decoding of ASCIIHexDecode streams
Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter.
Patches: This has been fixed in pypdf==6.7.5.
Workarounds: If you cannot upgrade yet, consider applying the changes from PR 3666...
MINI-3666-X2PM-54X2
MiracleLinux 8 : rsyslog-8.2102.0-7.el8.1 (AXSA:2022-3666:04)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3666:04 advisory. rsyslog: Heap-based overflow in TCP syslog server CVE-2022-24903 Tenable has extracted the preceding description block directly from the MiracleLinux securit...
Linux Distros Unpatched Vulnerability : CVE-2022-3666
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_LinearReader::Advance of the fi...
CVE-2019-3666
API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor WA prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to navigate to restricted websites via a carefully crafted web site...
CVE-2025-3666
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822B20200513 and classified as critical. Affected by this issue is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed...
CVE-2025-3666
creationtimestamp| type| source
---|---|---
2025-04-16 03:55:18+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/11984
2025-04-16 06:48:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmvyq7pd6g2r
2025-04-16 07:39:59+00:00| seen|...
CVE-2025-3666 TOTOLINK A3700R cstecgi.cgi setDdnsCfg access control
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822B20200513 and classified as critical. Affected by this issue is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed...
Rocky Linux 8 : tomcat (RLSA-2024:3666)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3666 advisory. Apache Tomcat: HTTP/2 header handling DoS CVE-2024-24549 Apache Tomcat: WebSocket DoS with incomplete closing handshake CVE-2024-23672 Bug Fixes: Rebase...
Oracle Linux 8 : tomcat (ELSA-2024-3666)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3666 advisory. - Resolves: RHEL-29255 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake CVE-2024-23672 Tenable has extracted the preceding...
CVE-2024-3666 Opal Estate Pro – Property Management and Submission <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible...
WordPress Opal Estate Pro Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)
Software: Opal Estate Pro; Type: Plugin; Vulnerable versions: = 1.7.6; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3666; Patch priority: Low; CVSS severity: Low (6.5); PSID: b27bd5923011; Credits: emad; Required privilege...
openSUSE: Security Advisory for libxml2 (SUSE-SU-2023:3666-1)
The remote host is missing an update for the...
CVE-2022-3666
A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_LinearReader::Advance of the file Ap4LinearReader.cpp of the component mp42ts. The manipulation leads to use after free. The attack may be launched remotely. The exploi...
CVE-2022-3666
CVE-2022-3666 affects Axiomatic Bento4, specifically the mp42ts component and the AP4_LinearReader::Advance function in Ap4LinearReader.cpp. The vulnerability is a use-after-free that could be exploited remotely; the exploit has been publicly disclosed (VDB-212006). Multiple sources corroborate a...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1013 more potentially affected by CVE-2014-3666 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.565.2)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.3, =1.0, =1.0.0, =1.0, =1.0-beta-1, =2.1, =1.0, =1.1, =2.0.6 and more Source cves: CVE-2014-3666 Source advisory: OSV:GHSA-FVFH-8MJ3-23XJ...
@hosoft/restful-api-framework (>=1.0.1 <=1.5.3), @iamkenos/fragile (>=0.1.1 <=0.1.5) +28 more potentially affected by CVE-2021-3666 via body-parser-xml (>=1.1.0 <=2.0.1)
body-parser-xml NPM version =1.1.0, =1.0.1, =0.1.1, =1.229.0, =0.0.8, =0.1.0, =0.1.4, =0.1.0, =0.8.2-alpha.2, =0.0.10, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.1.0 - hubot-wework =0.1.0 and more Source cves: CVE-2021-3666 Source advisory: OSV:GHSA-2GHC-6V89-PW9J...