164 matches found
CLSA-2026-1776864708 Fix CVE(s): CVE-2019-13115, CVE-2019-3855, CVE-2019-3856, CVE-2019-3863
SECURITY UPDATE: integer overflow in transport read allowing out-of-bounds write via crafted SSH packet - debian/patches/CVE-2019-3855.patch: add packet_length bounds check against LIBSSH2_PACKET_MAXPAYLOAD in transport read - CVE-2019-3855 SECURITY UPDATE: integer overflow in keyboard-interactive...
Linux Distros Unpatched Vulnerability : CVE-2026-3856
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying t...
EUVD-2026-3856
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fiorello: from n/a through = 1.0...
MiracleLinux 3 : glibc-2.5-49.7.0.1.AXS3 (AXSA:2010-477:06)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2010-477:06 advisory. The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make...
MiracleLinux 7 : libssh2-1.4.3-12.el7.2 (AXSA:2019-3791:02)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3791:02 advisory. Security Fix - libssh2 SSH CVE-2019-3855 - libssh2 SSH CVE-2019-3856 - libssh2SSHMSGCHANNELREQUESTEXIT SSH CVE-2019-3857 - libssh2 char CVE-2019-386...
SUSE: Security Advisory (SUSE-SU-2025:3856-1)
The remote host is missing an update for the...
CVE-2023-3856
A vulnerability, which was classified as problematic, has been found in phpscriptpoint Ecommerce 1.15. Affected by this issue is some unknown functionality of the file /blog-single.php. The manipulation of the argument slug leads to cross site scripting. The attack may be launched remotely. The...
CVE-2022-3856
The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin...
CVE-2020-3856
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted string may lead to heap corruption...
CVE-2011-3856
Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...
CVE-2005-3856
The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites...
CVE-2009-3856
Cross-site scripting (XSS) vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. NOTE: some of these details are obtained from third party information...
CVE-2019-3856
creationtimestamp | type | source
---|---|---
2025-04-23 20:04:49+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13137...
CVE-2025-3856
A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-3856 xxyopen Novel-Plus searchByPage sql injection
A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
Linux Distros Unpatched Vulnerability : CVE-2019-3856
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A...
openSUSE: Security Advisory for the Linux Kernel RT (Live Patch 17 for SLE 15 SP5) (SUSE-SU-2024:3856-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-6747-1)
The remote host is missing an update for the...
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6747-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6747-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially explo...