70 matches found
@aligent/auth-module (>=0.0.3 <=1.0.1), @baic/preset-yolk-taro-miniprogram (>=2.1.0-alpha.0 <=2.1.0-alpha.283) +41 more potentially affected by unknown CVE via jest-date-mock (>=1.0.10 <=1.0.8)
jest-date-mock NPM version =1.0.10, =0.0.3, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.259, =2.1.0-alpha.259, =1.0.1, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =10.2.1-spike-ol.2, =12.0.0 and more Source cves: unknown CVE...
CVE-2026-4137
CVE-2026-4137 : In mlflow/mlflow before 3.11.0, two temp-dir creation paths expose world/group-writable permissions: get_or_create_nfs_tmp_dir() creates 0o777 and _create_model_downloading_tmp_dir() creates 0o770. This enables local attackers with access to shared NFS mounts (e.g., Databricks) to...
CVE-2009-4137
The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the destruct function in the...
DLA-4137-1 libbpf - security update
Bulletin has no description...
CVE-2022-4137
creationtimestamp | type | source
---|---|---
2023-09-26 00:34:30+00:00 | seen | https://t.me/cibsecurity/71017
2025-08-21 21:02:36+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lwwto35toi2m...
CVE-2022-4137
CVE-2022-4137 is a reflected XSS in Keycloak’s oob OAuth endpoint caused by incorrect null-byte handling. A malicious link can insert an arbitrary URI into a Keycloak error page, and exploitation requires user interaction, potentially compromising user details. Connected sources identify this vul...
RHEL 9 : kernel (RHSA-2023:4137)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4137 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free in l2cap_connect...
SUSE CVE-2016-4137
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083...
Security Bulletin: Cross-site scripting and failure to enforce HTTP Strict Transport Security vulnerabilities in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4137, CVE-2019-4138)
Summary IBM Spectrum Control formerly Tivoli Storage Productivity Center is vulnerable to cross-site scripting and failure to enforce HTTP Strict Transport Security. Vulnerability Details CVEID: CVE-2019-4137 DESCRIPTION: IBM Tivoli Storage Productivity Center is vulnerable to cross-site scriptin...
Mageia: Security Advisory (MGASA-2016-0228)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-4137-1)
The remote host is missing an update for the...
CVE-2019-4137
IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IB...
CVE-2018-4137
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement...
CVE-2018-4137
The CVE-2018-4137 issue affects Apple Safari and iOS: Safari before 11.1 and iOS before 11.3 allow a remote attacker to read autofilled data via the Safari Login AutoFill component without requiring user confirmation. This appears as a cross-product autofill disclosure risk in the Safari/Login Au...
macOS : Apple Safari < 11.1 Multiple Vulnerabilities
The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 11.1. It is, therefore, affected by multiple vulnerabilities as described in the HT208695 security advisory...
CVE-2017-4137
...
CVE-2017-4137
CVE-2017-4137 is rejected/not used and does not represent an active vulnerability entry.
Debian DSA-4137-1 : libvirt - security update
Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library : - CVE-2018-1064 Daniel Berrange discovered that the QEMU guest agent performed insufficient validation of incoming data, which allows a privileged user in the guest to exhaust resources on the virtualisatio...
CVE-2010-4137
...
CVE-2012-4137
CVE-2012-4137 is rejected/not used; this ID does not represent an active vulnerability entry.