45 matches found
MAL-2025-38750 Malicious code in walnut-tornado-tsch (npm)
The package walnut-tornado-tsch was found to contain malicious code...
CVE-2023-38750
In Zimbra Collaboration ZCS 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed...
CVE-2022-38750 affecting package snakeyaml 1.25-2
CVE-2022-38750 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never applicable...
CVE-2024-38750
creationtimestamp | type | source
---|---|---
2024-07-20 11:26:31+00:00 | seen | https://t.me/cvedetector/1253...
CVE-2024-38750
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in digontoahsan Advanced post slider. This issue affects Advanced post slider: from n/a through 3.0.0...
CVE-2024-38750 WordPress Advanced post slider plugin <= 3.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in digontoahsan Advanced post slider. This issue affects Advanced post slider: from n/a through 3.0.0...
CVE-2024-38750 WordPress Advanced post slider plugin <= 3.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in digontoahsan Advanced post slider. This issue affects Advanced post slider: from n/a through 3.0.0...
WordPress Advanced post slider Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Advanced post slider; Type: Plugin; Vulnerable versions: <= 3.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-38750; Patch priority: Low; CVSS severity: Low 6.5; PSID: df5074d84975; Credits: LVT-tholv2k; Required privilege...
Amazon Linux 2 : snakeyaml (ALAS-2024-2403)
The version of snakeyaml installed on the remote host is prior to 1.11-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2403 advisory. Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is runnin...
Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.
Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. These vulnerabilities were fixed in the images published on December 01, 2023 but the CVEs were not included in the bulletin. Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote...
CVE-2023-38750
CVE-2023-38750 affects Zimbra Collaboration (ZCS) versions 8.x up to 8.8.15 Patch 41, 9.x up to 9.0.0 Patch 34, and 10.x up to 10.0.2, where internal JSP/XML files can be exposed (information disclosure). The vulnerability is linked to exposure of internal JSP and XML files and has been described...
Zimbra issues awaited patch for actively exploited vulnerability
Two weeks ago, we urged readers to apply a workaround for an actively exploited vulnerability in Zimbra Collaboration Suite (ZCS) email servers. Zimbra has released ZCS 10.0.2 that fixes two security issues, including the known bug that could lead to exposure of internal JSP and XML files. Zimbra i...
CVE-2023-38750
creationtimestamp | type | source
---|---|---
2023-07-28 00:16:56+00:00 | exploited | https://t.me/ctinow/126799
2023-07-28 16:05:05+00:00 | exploited | https://t.me/truesecator/4670
2023-07-31 20:37:58+00:00 | seen | https://t.me/cibsecurity/67485...
Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 34 Multiple Vulnerabilities
According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities including: - A bug that could lead to exposure of internal JSP and XML files. (CVE-2023-38750) - OpenSSL package contains a security issue related to the verification of X.509...
Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release
Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...
Amazon Linux 2023 : snakeyaml, snakeyaml-javadoc (ALAS2023-2023-200)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-200 advisory. Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser t...
Medium: snakeyaml
Issue Overview: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. (CVE-2022-38750) Affected Packages: snakeyaml Issue...
GLSA-202305-28 : snakeyaml: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202305-28 snakeyaml: Multiple Vulnerabilities - The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. (CVE-2017-18640) - Using snakeYAML to parse untrusted YAML...
RLSA-2023:2097 Important: Satellite 6.13 Release
Rocky Enterprise Software Foundation Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: CVE-2022-1471 CVE-2022-25857 CVE-2022-38749...
Security Bulletin: Multiple Vulnerabilities related to SnakeYAML in Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2022-38750, CVE-2022-38751, CVE-2022-38752, CVE-2022-38749)
Summary Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). While deserializing unknown yaml content can lead to remote code execution. Vulnerability Details CVEID:CVE-2022-38750 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a...