78 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-3741
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or...
CVE-2005-3741
Almond Classifieds does not properly verify the password, which allows attackers to bypass access restrictions...
CVE-2022-3741
Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output...
CVE-2021-3741
creationtimestamp | type | source
---|---|---
2024-11-15 10:54:16+00:00 | seen | https://infosec.exchange/users/cve/statuses/113486597696670459
2024-11-15 13:15:50+00:00 | seen | https://t.me/cvedetector/11072...
CVE-2021-3741 Stored Cross-site Scripting (XSS) in chatwoot/chatwoot
A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the avatar is opened in a new page, the custom...
CVE-2021-3741
Chatwoot stored XSS vulnerability (CVE-2021-3741) affecting chatwoot/chatwoot versions prior to 2.6.0. The issue arises from uploading an SVG file containing a malicious XSS payload in Profile Settings; when the avatar is opened, the injected JavaScript executes. Impact is described as execution ...
CentOS 7 : bind, bind-dyndb-ldap, and dhcp (RHSA-2024:3741)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3741 advisory. - The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS...
Oracle Linux 7 : bind, bind-dyndb-ldap, and dhcp (ELSA-2024-3741)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3741 advisory. - Prevent increased CPU consumption in DNSSEC validator CVE-2023-50387 CVE-2023-50868 - Speed up parsing of DNS messages with many different names...
CVE-2024-3741
Summary : CVE-2024-3741 affects Electrolink FM/DAB/TV Transmitters and is an authentication-bypass vulnerability in the login cookie, allowing an attacker to gain full system access by setting an arbitrary cookie value other than 'NO'. Affected products : A wide range of Electrolink transmitters ...
Electrolink FM/DAB/TV Transmitter
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Electrolink Equipment : FM/DAB/TV Transmitter Vulnerabilities : Authentication Bypass by Assumed-Immutable Data, Reliance on Cookies without Validation and...
Debian dla-3741 : engrampa - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3741 advisory. - Debian LTS Advisory DLA-3741-1 https://www.debian.org/lts/security/...
CVE-2023-3741
creationtimestamp | type | source
---|---|---
2023-12-20 14:46:32+00:00 | seen | https://t.me/ctinow/157040...
CVE-2023-3741
The CVE-2023-3741 entry describes an OS command injection vulnerability in NEC Platforms DT900 and DT900S Series IP phones (all versions), allowing an attacker to execute arbitrary commands on the device. According to connected sources, exploitation is possible over the network with no privileges...
CVE-2023-3741
An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the device...
Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass
Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television broadcasting. The most comprehensive products range includes: FM Transmitters, DAB Transmitters, TV Transmitters for analogue and digital multistandard operation, Bandpa...
CentOS: Security Advisory for c-ares (CESA-2023:3741)
The remote host is missing an update for the...
RHEL 7 : c-ares (RHSA-2023:3741)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3741 advisory. The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fixes: c-ares: 0-byte UDP payload...
Oracle Linux 7 : c-ares (ELSA-2023-3741)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3741 advisory. 1.10.0-3.1 - Resolves: rhbz2209503 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service rhel-7.9.z Tenable has extracted the preceding description bloc...
CVE-2022-3741
creationtimestamp | type | source
---|---|---
2022-10-28 16:29:12+00:00 | seen | https://t.me/cibsecurity/52207...