20 matches found
EUVD-2025-39887
Malicious code in dono-getas90-ruro npm...
Linux Distros Unpatched Vulnerability : CVE-2025-39887
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix null-ptr-deref in bitmapparselist A crash was observed with the...
CVE-2025-39887
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix null-ptr-deref in bitmapparselist A crash was observed with the following output: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 0000 1 SMP NOPTI CPU: 2 UID: 0 PID: 92 Comm:...
CVE-2025-39887
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix null-ptr-deref in bitmapparselist A crash was observed with the following output: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 0000 1 SMP NOPTI CPU: 2 UID: 0 PID: 92 Comm:...
CVE-2025-39887 tracing/osnoise: Fix null-ptr-deref in bitmap_parselist()
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix null-ptr-deref in bitmapparselist A crash was observed with the following output: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 0000 1 SMP NOPTI CPU: 2 UID: 0 PID: 92 Comm:...
MAL-2025-39887 Malicious code in xnatetris (npm)
The package xnatetris was found to contain malicious code...
CVE-2024-39887
creationtimestamp| type| source ---|---|--- 2024-07-16 12:55:40+00:00| seen| https://t.me/cvedetector/926 2024-12-09 16:22:14+00:00| seen| https://t.me/cvedetector/12393 2024-12-11 15:19:16+00:00| confirmed|...
CVE-2024-39887
An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new...
CVE-2024-39887 Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions
An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new...
CVE-2024-39887 Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions
An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new...
CVE-2024-39887
CVE-2024-39887 describes an SQL Injection in Apache Superset due to improper neutralization of engine-specific SQL functions. The vulnerability affects “Apache Superset” and allows bypassing SQL authorization via certain PostgreSQL functions, mitigated by a config key DISALLOWED_SQL_FUNCTIONS. Th...
GitLab 8.4 < 14.1.7 / 14.2 < 14.2.5 / 14.3 < 14.3.1 (CVE-2021-39887)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf...
CVE-2022-39887
creationtimestamp| type| source ---|---|--- 2022-11-10 00:49:29+00:00| seen| https://t.me/cibsecurity/52781 2025-05-01 20:16:08+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14402...
CVE-2022-39887
Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting...
CVE-2022-39887
CVE-2022-39887 refers to an improper access‑control vulnerability in the Samsung MiscPolicy function clearAllGlobalProxy (before SMR Nov-2022 Release 1) that allows a local attacker to configure EDM settings. The NVD entry shows a low to medium overall risk depending on vector/impact metrics, wit...
CVE-2021-39887
creationtimestamp| type| source ---|---|--- 2021-10-05 16:30:33+00:00| seen| https://t.me/cibsecurity/29963...
CVE-2021-39887
A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf...
CVE-2021-39887
A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf...
CVE-2021-39887
Removed by vendor...
CVE-2021-39887
CVE-2021-39887 affects GitLab CE/EE using GitLab Flavored Markdown. The vulnerability is a stored Cross-Site Scripting flaw in the Markdown renderer for version 8.4 and above, enabling an attacker to execute arbitrary JavaScript in a victim’s browser. The public documents consistently describe th...