BELL-CVE-2025-38649 CVE-2025-38649 does not affect BellSoft software

Bulletin has no description...

MAL-2025-38649 Malicious code in vs43 (npm)

The package vs43 was found to contain malicious code...

CVE-2024-38649

An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1Not Applicable to 9.1Rx allows a remote unauthenticated attacker to cause a denial of service...

CVE-2024-38649

An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1Not Applicable to 9.1Rx allows a remote unauthenticated attacker to cause a denial of service...

CVE-2024-38649

The CVE-2024-38649 issue is an out-of-bounds write in IPsec of Ivanti Connect Secure older than 22.7R2.1 (not applicable to 9.1Rx) that can be exploited remotely by an unauthenticated attacker to cause a denial of service. Connected advisories confirm this vulnerability affects Ivanti Connect Sec...

CVE-2023-38649

creationtimestamp| type| source ---|---|--- 2024-01-08 16:32:19+00:00| seen| https://t.me/ctinow/164463 2024-01-11 08:16:29+00:00| seen| https://t.me/ctinow/166345...

CVE-2023-38649

Multiple out-of-bounds write vulnerabilities exist in the VZT vztrdgetfacname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concer...

CVE-2023-38649

Multiple out-of-bounds write vulnerabilities exist in the VZT vztrdgetfacname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concer...

DEBIAN-CVE-2023-38649

Multiple out-of-bounds write vulnerabilities exist in the VZT vztrdgetfacname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concer...

CVE-2023-38649

Multiple out-of-bounds write vulnerabilities exist in the VZT vztrdgetfacname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concer...

CVE-2023-38649

GTKWave: Multiple out-of-bounds write vulnerabilities in vz t_rd_get_facname decompression in GTKWave 3.3.115 can lead to arbitrary code execution when opening a crafted .vzt file. Debian security advisories show fixes upgrading to 3.3.118 (bullseye) or 3.3.118-0.1~deb12u1 (bookworm); i.e., upgra...

acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.8.44.4 <=1.3.1.post1) +128 more potentially affected by CVE-2022-38649 via apache-airflow (>=1.8.2 <=2.2.5)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.2.0, =0.11.0 and more Source cves: CVE-2022-38649 Source advisory: OSV:GHSA-7WQF-H36W-47MC...

CVE-2022-38649

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airfl...

CVE-2022-38649

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airfl...

CVE-2022-38649 Apache Airflow Pinot provider allowed Command Injection

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airfl...

CVE-2022-38649 Apache Airflow Pinot provider allowed Command Injection

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airfl...

CVE-2022-38649

CVE-2022-38649 describes an OS command injection vulnerability in the Apache Airflow Pinot Provider. The issue arises from improper neutralization of special elements when constructing OS commands, enabling an attacker to control commands executed in the task execution context without requiring D...

VulnCheck KEV: CVE-2021-38649

Microsoft Open Management Infrastructure OMI within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation...

Microsoft Open Management Infrastructure (OMI) package < 1.6.8-1 Multiple Vulnerabilities

The version of Microsoft Open Management Infrastructure OMI package installed on the remote host is prior to 1.6.8-1. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists in the OMI agent. An unauthenticated, remote attacker can exploit this to...

Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions

Last updated on October 5, 2021: See revision history located at the end of the post for changes. On September 14, 2021, Microsoft released fixes for three Elevation of Privilege EoP vulnerabilities and one unauthenticated Remote Code Execution RCE vulnerability in the Open Management...