196 matches found

IBM Security Bulletins
added 2026/05/18 7:16 a.m. | 8 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in xercesImpl

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in xercesImpl CVE-2009-2625, CVE-2012-0881, CVE-2013-4002, CVE-2020-14338, CVE-2022-23437. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2009-2625 DESCRIPTION: XMLScanner.java in Apache Xerces2...

CVSS 7.8 | AI score 6.7 | EPSS 0.08028
Exploits: 2 | Affected Software: 1

EUVD
added 2026/01/22 4:52 p.m. | 1 views

EUVD-2026-4002

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through = 1.0.10...

AI score 5.6 | EPSS 0.00018
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 9:21 a.m. | 7 views

CVE-2018-4002

An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack,...

CVSS 7.8 | AI score 7 | EPSS 0.01578
Exploits: 1 | References: 1

Tenable Nessus
added 2025/08/06 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-4002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget which are aligned t...

CVSS 4.4 | AI score 6.7 | EPSS 0.0002
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/22 4:8 p.m. | 7 views

CVE-2020-4002

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system...

CVSS 7.2 | AI score 7.6 | EPSS 0.00566
Exploits: 0

Circl
added 2025/05/15 8:33 p.m. | 1 views

CVE-2024-4002

creationtimestamp | type | source
---|---|---
2025-05-15 20:33:42+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/16560...

CVSS 3.5 | AI score 4.8 | EPSS 0.00091
Exploits: 1 | References: 1

NVD
added 2025/05/15 8:15 p.m. | 5 views

CVE-2024-4002

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...

CVSS 3.5 | EPSS 0.00091
Exploits: 1 | References: 1

CVE
added 2025/05/15 8:9 p.m. | 19 views

CVE-2024-4002

CVE-2024-4002 affects the WordPress plugin “Carousel, Slider, Gallery by WP Carousel” up to version 2.6.9. The issue comes from insufficient sanitization/escaping of certain settings, enabling stored cross-site scripting (Stored XSS) by high-privilege users (e.g., admins) even when unfiltered_htm...

CVSS 3.5 | AI score 5.7 | EPSS 0.00091
Exploits: 1 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/04/30 5:11 a.m. | 17 views

CVE-2025-4002

A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The patch is...

CVSS 6.8 | AI score 7 | EPSS 0.00093
Exploits: 0 | References: 1

Circl
added 2025/04/28 5:10 a.m. | 4 views

CVE-2025-4002

creationtimestamp | type | source
---|---|---
2025-04-28 05:10:21+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13656
2025-04-28 07:40:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lnubaqh3sz2s
2025-04-28 09:52:54+00:00 | seen | ...

CVSS 6.8 | AI score 5.4 | EPSS 0.00093
Exploits: 0 | References: 3

Cvelist
added 2025/04/28 5:0 a.m. | 14 views

CVE-2025-4002 RefindPlusRepo RefindPlus BootLog.c GetDebugLogFile null pointer dereference

A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The patch is...

CVSS 6.8 | EPSS 0.00093
Exploits: 0 | References: 6

Vulnrichment
added 2025/04/28 5:0 a.m. | 5 views

CVE-2025-4002 RefindPlusRepo RefindPlus BootLog.c GetDebugLogFile null pointer dereference

A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The patch is...

CVSS 6.8 | AI score 5.5 | EPSS 0.00093
Exploits: 0 | References: 6

IBM Security Bulletins
added 2025/03/26 3:39 a.m. | 44 views

Security Bulletin: Multiple vulnerabilities in DITA, Apache Batik, Apache FOP may affect IBM Business Automation Workflow and IBM Case Manager

Summary IBM Business Automation Workflow and IBM Case Manager packages DITA for documentation generation in Case Management. Multiple CVEs have been reported for open source libraries repackaged in DITA. A few of the same open source libraries, such as Apache Batik and Apache FOP, are also used f...

CVSS 9.8 | AI score 8.4 | EPSS 0.08028
Exploits: 5 | Affected Software: 3

Tenable Nessus
added 2025/03/04 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2013-4002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment JRE in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14,...

CVSS 7.1 | AI score 6.9 | EPSS 0.08028
Exploits: 0 | References: 2

Tenable Nessus
added 2025/02/04 12:0 a.m. | 11 views

Amazon Linux 2 : kernel (ALAS-2025-2752)

The version of kernel installed on the remote host is prior to 4.14.256-197.484. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2752 advisory. A flaw use-after-free in function sco_sock_sendmsg of the Linux kernel HCI subsystem was found in the way user calls...

CVSS 7.8 | AI score 6.1 | EPSS 0.00223
Exploits: 2 | References: 26

OpenVAS
added 2024/12/24 12:0 a.m. | 14 views

Debian: Security Advisory (DLA-4002-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 7.1 | EPSS 0.0007
Exploits: 0 | References: 2

Circl
added 2024/08/01 12:22 a.m. | 1 views

CVE-2022-4002

creationtimestamp | type | source
---|---|---
2024-08-01 00:22:06+00:00 | seen | https://t.me/cvedetector/2183...

CVSS 7.2 | AI score 4.8 | EPSS 0.0049
Exploits: 0 | References: 1

Tenable Nessus
added 2024/07/02 12:0 a.m. | 23 views

Rocky Linux 9 : thunderbird (RLSA-2024:4002)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:4002 advisory. thunderbird: Use-after-free in networking CVE-2024-5702 thunderbird: Use-after-free in JavaScript object transplant CVE-2024-5688 thunderbird: External...

CVSS 8.6 | AI score 7.5 | EPSS 0.0588
Exploits: 1 | References: 15

Tenable Nessus
added 2024/06/20 12:0 a.m. | 13 views

Oracle Linux 9 : thunderbird (ELSA-2024-4002)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-4002 advisory. 115.12.1-1.0.1 - Add Oracle prefs 115.12.1 - Add OpenELA debranding 115.12.1-1 - Update to 115.12.1 build1 115.12.0-2 - Update to 115.12.0 build2...

CVSS 8.6 | AI score 7.4 | EPSS 0.0588
Exploits: 1 | References: 8

Tenable Nessus
added 2024/06/03 12:0 a.m. | 21 views

RHEL 6 : kvm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Qemu: net: buffer overflow in MIPSnet emulator CVE-2016-4002 - The KVM subsystem in the Linux kernel befo...

CVSS 9.8 | AI score 6.9 | EPSS 0.08407
Exploits: 2 | References: 14