33 matches found
MiracleLinux 8 : gfbgraph-0.2.4-1.el8.ML.1 (AXSA:2022-3332:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3332:02 advisory. gfbgraph: missing TLS certificate verification CVE-2021-39358 Tenable has extracted the preceding description block directly from the MiracleLinux security...
EUVD-2025-39358
Malicious code in tuti-telur51-breki npm...
MAL-2025-39358 Malicious code in wisp-xanadu-nqk291-project (npm)
The package wisp-xanadu-nqk291-project was found to contain malicious code...
CVE-2025-39358
Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection. This issue affects WP Posts Carousel: from n/a through <= 1.3.12...
CVE-2025-39358
creationtimestamp | type | source
---|---|---
2025-06-06 13:03:17+00:00 | seen | Telegram/i7ycyjcFtJ3ktfeH7GOJEagrL0owek2QcrSXVF3atIap0...
CVE-2025-39358
CVE-2025-39358 affects WordPress plugin WP Posts Carousel (versions up to and including 1.3.12). The vulnerability is Deserialization of Untrusted Data leading to PHP Object Injection, reported for authenticated contexts (Contributor+). Patchstack and CVE records indicate the issue is fixed in ve...
WordPress WP Posts Carousel <= 1.3.12 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by astra.r3verii (Patchstack Alliance) in WordPress Plugin WP Posts Carousel versions <= 1.3.12...
CVE-2022-39358
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in...
Linux Distros Unpatched Vulnerability : CVE-2021-39358
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users...
CVE-2024-39358
A buffer overflow vulnerability exists in the adm.cgi setwzap functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Wavlink AC3000 adm.cgi set_wzdap() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2027 Wavlink AC3000 adm.cgi setwzdap buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39358 SUMMARY A buffer overflow vulnerability exists in the adm.cgi setwzap functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP...
Unspecified vulnerability in Linux kernel (CNVD-2024-39358)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a security vulnerability that stems from a null pointer dereference. No details of the vulnerability are provided at this time...
Rocky Linux 8 : gfbgraph (RLSA-2022:1801)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1801 advisory. - In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users...
Fedora: Security Advisory (FEDORA-2023-248dff7cbe)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora: Security Advisory for cacti (FEDORA-2023-6335ea9c0c)
The remote host is missing an update for the...
Fedora: Security Advisory for cacti (FEDORA-2023-06a2a6e03c)
The remote host is missing an update for the...
Fedora: Security Advisory for cacti-spine (FEDORA-2023-06a2a6e03c)
The remote host is missing an update for the...
CVE-2022-39358 Metabase vulnerable to circumvention of Locked parameter in Signed Embedding
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in...
CVE-2022-39358
Metabase is vulnerable to a parameter-control bypass in embedded dashboards: a remote attacker can craft a malicious request to the backend to circumvent locked parameters when requesting data for a question. The issue affects Metabase versions prior to 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and...
OESA-2022-1937 gfbgraph security update
GLib/GObject wrapper for the Facebook Graph API that integrates with GNOME Online Accounts. Security Fixes: In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks...