Lucene search

125 matches found

OSV
added 2025/11/25 6:12 p.m., 1 views

GO-2025-4160 Grype has a credential disclosure vulnerability in its JSON output in github.com/anchore/grype

Grype has a credential disclosure vulnerability in its JSON output in github.com/anchore/grype...

CVSS 8.2, AI score 6.7, EPSS 0.00021
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2017-4160

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.00163
Exploits: 1, References: 3

RedhatCVE
added 2025/05/23 12:48 a.m., 3 views

CVE-2022-4160

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgcopyid POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with at least author privileg...

CVSS 6.5, AI score 6.8, EPSS 0.0077
Exploits: 2, References: 1

RedhatCVE
added 2025/05/03 10:12 a.m., 15 views

CVE-2025-4160

A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component LS Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the...

CVSS 9.8, AI score 7.2, EPSS 0.00479
Exploits: 1, References: 1

OSV
added 2025/05/01 10:15 a.m., 1 views

CVE-2025-4160

A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component LS Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the...

CVSS 9.8, AI score 6.1
Exploits: 0, References: 4

NVD
added 2025/05/01 10:15 a.m., 12 views

CVE-2025-4160

A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component LS Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the...

CVSS 9.8, EPSS 0.00479
Exploits: 1, References: 4

Circl
added 2025/05/01 10:14 a.m., 0 views

CVE-2025-4160

creationtimestamp | type | source
---|---|---
2025-05-01 10:14:58+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/14253
2025-05-01 13:01:04+00:00 | published-proof-of-concept | Telegram/6e5WMTkhV3TMn7TkqtlmwmCtnnbutLPUEF-u2a5stw7AXc
2025-05-01 14:49:52+00:00 | seen | ...

CVSS 9.8, AI score 7.3, EPSS 0.00479
Exploits: 1, References: 2

CVE
added 2025/05/01 10:0 a.m., 50 views

CVE-2025-4160

CVE-2025-4160 affects PCMan FTP Server up to version 2.0.7. Multiple sources describe a buffer‑overflow vulnerability in the LS Command Handler caused by improper validation of input length/size. The issue can be exploited remotely and has been characterized as potentially enabling a denial of se...

CVSS 9.8, AI score 7.4, EPSS 0.00479
Exploits: 1, References: 4, Affected Software: 1

Rosalinux
added 2025/04/30 8:30 a.m., 12 views

Advisory ROSA-SA-2025-2858

Software: openssl 1.1.1k
OS: ROSA Virtualization 3.0
packageevrstring: openssl-1.1.1k-14.0.2.rv30
CVE-ID: CVE-2020-1971
BDU-ID: 2021-00872
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the GENERAL_NAME_cmp function of the OpenSSL library is related to pointer dereferencing errors. Exploitation of...

CVSS 7.5, AI score 7.8, EPSS 0.09859
Exploits: 7

Tenable Nessus
added 2025/02/10 12:0 a.m., 9 views

Azure Linux 3.0 Security Update: edk2 / openssl (CVE-2021-4160)

The version of edk2 / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-4160 advisory. - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are...

CVSS 5.9, AI score 6.8, EPSS 0.00417
Exploits: 1, References: 2

Oracle linux
added 2024/11/22 12:0 a.m., 32 views

edk2 security update

Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...

CVSS 7.5, AI score 7.4, EPSS 0.91789
Exploits: 28

IBM Security Bulletins
added 2024/10/25 2:45 p.m., 24 views

Security Bulletin: IBM Master Data Management may provide weaker than expected security due to OpenSSL through a carry propagation flaw (CVE-2021-4160)

Summary: IBM Master Data Management v11.6 and v12.0 are vulnerable to a carry propagation flaw found in OpenSSL. OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure. An attacker could exploit this vulnerability to...

CVSS 5.9, AI score 6.2, EPSS 0.00417
Exploits: 1, Affected Software: 1

Tenable Nessus
added 2024/08/30 12:0 a.m., 22 views

CBL Mariner 2.0 Security Update: openssl (CVE-2021-4160)

The version of openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-4160 advisory. - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affecte...

CVSS 5.9, AI score 6.7, EPSS 0.00417
Exploits: 1, References: 2

Tenable Nessus
added 2024/07/25 12:0 a.m., 17 views

Photon OS 3.0: Nxtgn PHSA-2022-3.0-0372

An update of the nxtgn package has been released. %NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0372. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...

CVSS 5.9, AI score 7.8, EPSS 0.00417
Exploits: 1, References: 2

CBLMariner
added 2024/07/22 11:1 p.m., 23 views

CVE-2021-4160 affecting package edk2 for versions less than 20240223gitedc6681206c1-2

CVE-2021-4160 affecting package edk2 for versions less than 20240223gitedc6681206c1-2. An upgraded version of the package is available that resolves this issue...

CVSS 5.9, AI score 7, EPSS 0.00417
Exploits: 1

Tenable Nessus
added 2024/06/07 12:0 a.m., 35 views

OpenSSL 1.0.2 < 1.0.2zc Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.2zc. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zc advisory. - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS...

CVSS 5.9, AI score 6.7, EPSS 0.27483
Exploits: 1, References: 4

CVE
added 2024/05/31 9:31 a.m., 50 views

CVE-2024-4160

The CVE-2024-4160 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress Download Manager plugin (wp-admin shortcode wpdm-all-packages) affecting versions up to 3.2.90. The issue arises from insufficient input sanitization and output escaping on user-supplied attribute...

CVSS 6.4, AI score 5.9, EPSS 0.00285
Exploits: 0, References: 7, Affected Software: 1

Vulnrichment
added 2024/05/31 9:31 a.m., 12 views

CVE-2024-4160 Download Manager <= 3.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, AI score 5.8, EPSS 0.00285
Exploits: 0, References: 6

Cvelist
added 2024/05/31 9:31 a.m., 20 views

CVE-2024-4160 Download Manager <= 3.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, AI score 5.9, EPSS 0.00285
Exploits: 0, References: 6

Tenable Nessus
added 2023/12/22 12:0 a.m., 38 views

CentOS 7 : java-1.8.0-ibm (RHSA-2023:4160)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4160 advisory. - IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe...

CVSS 9.8, AI score 7.2, EPSS 0.02108
Exploits: 1, References: 8