MiracleLinux 4 : glibc-2.12-1.47.AXS4.5 (AXSA:2012-123:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-123:02 advisory. The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as t...

MiracleLinux 3 : kernel-2.6.18-53.21AXS3 (AXSA:2009-22:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-22:03 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...

CVE-2025-20764

In smi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10259774; Issue ID: MSV-5029...

CVE-2025-20764

In smi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10259774; Issue ID: MSV-5029...

EUVD-2017-6326

Malware in sbrugna...

CVE-2025-5029 Kingdee Cloud Galaxy Private Cloud BBC System File deleteFileAction.jhtml path traversal

A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file fileUpload/deleteFileAction.jhtml of the...

Linux Distros Unpatched Vulnerability : CVE-2014-5029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language0...

Linux Distros Unpatched Vulnerability : CVE-2016-5029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The createfullestfilepath function in libdwarf before 20160923 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted dwarf...

Linux Distros Unpatched Vulnerability : CVE-2009-5029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the tzfileread function in glibc before 2.15 allows context-dependent attackers to cause a denial of service crash and possibly execute...

CVE-2024-5029

creationtimestamp| type| source ---|---|--- 2024-11-21 06:06:39+00:00| seen| https://infosec.exchange/users/cve/statuses/113519440534872706...

CVE-2024-5029 CM Table Of Contents – WordPress TOC Plugin < 1.2.4 - Stored XSS via CSRF

The CM Table Of Contents WordPress plugin before 1.2.4 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-5029

The CM Table Of Contents WordPress plugin (versions before 1.2.4) is vulnerable due to missing CSRF protection when updating settings, and lack of input sanitisation/escaping. The issue could enable a logged-in administrator to inject Stored XSS payloads via a CSRF attack. Remediation: upgrade to...

CVE-2024-5029 CM Table Of Contents – WordPress TOC Plugin < 1.2.4 - Stored XSS via CSRF

The CM Table Of Contents WordPress plugin before 1.2.4 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

WordPress CM Table Of Contents – WordPress TOC Plugin Plugin < 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software CM Table Of Contents – WordPress TOC Plugin Type Plugin Vulnerable versions 1.2.4 Fixed in 1.2.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5029 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7d80877428bb...

RHEL 7 : libdwarf (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libdwarf: heap-based buffer over-read in dwarfformsdata CVE-2017-9055 - The dwarfreadciefdeprefix functio...

CVE-2019-5029

creationtimestamp| type| source ---|---|--- 2023-12-14 00:02:55+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/6176 2023-12-18 12:17:24+00:00| seen| https://t.me/arpsyndicate/1980 2024-02-14 08:17:02+00:00| seen| https://t.me/ctinow/184454 2025-01-16 16:00:10+00:00|...

CVE-2023-5029

A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The...

CVE-2023-5029 mccms 1 sql injection

A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The...

BELL-CVE-2017-5029 CVE-2017-5029 does not affect BellSoft software

Bulletin has no description...

Mageia: Security Advisory (MGASA-2014-0313)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...