MAL-2025-9785 Malicious code in @zalastax/nolb-_ask (npm)

The package @zalastax/nolb-ask was found to contain malicious code...

CVE-2019-9785

gitnote 3.1.0 allows remote attackers to execute arbitrary code via a crafted Markdown file, as demonstrated by a javascript:window.parent.top.require'childprocess'.execFile substring in the onerror attribute of an IMG element...

CVE-2024-9785

creationtimestamp| type| source ---|---|--- 2024-10-10 15:55:21+00:00| seen| https://t.me/cvedetector/7601...

CVE-2024-9785

CVE-2024-9785 affects D-Link DIR-619L B1 firmware 2.06. The bug is in the function formSetDDNS (/goform/formSetDDNS) where the curTime parameter can overflow a buffer, allowing remote exploitation. Exploitation is reported as remote and publicly disclosed, with potential for arbitrary code execut...

CGA-J73M-9785-XFJ9

Bulletin has no description...

CVE-2023-43295

Cross Site Request Forgery vulnerability in Click Studios SA Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request...

CVE-2023-43295

Cross Site Request Forgery vulnerability in Click Studios SA Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request...

CVE-2023-43295

Cross Site Request Forgery vulnerability in Click Studios SA Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request...

CVE-2020-9785

Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges...

CVE-2020-9785

CVE-2020-9785 affects Apple platforms including iOS 13.4, iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, and watchOS 6.2. The issue is described as multiple memory corruption problems addressed with improved state management, enabling a malicious application to potentially execute arbitrary code...

macOS 10.15.x < 10.15.4 / 10.14.x < 10.14.6 Security Update 2020-002 / 10.13.x < 10.13.6 Security Update 2020-002

The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6 Security Update 2020-002, 10.14.x prior to 10.14.6 Security Update 2020-002, or 10.15.x prior to 10.15.4. It is, therefore, affected by multiple vulnerabilities : - Insufficient control flow in certain data...

CVE-2019-9785

gitnote 3.1.0 allows remote attackers to execute arbitrary code via a crafted Markdown file, as demonstrated by a javascript:window.parent.top.require'childprocess'.execFile substring in the onerror attribute of an IMG element...

CVE-2019-9785

CVE-2019-9785 affects gitnote 3.1.0. A crafted Markdown file can cause remote code execution via a malicious onerror attribute in an IMG element that invokes javascript:window.parent.top.require('child_process').execFile. This exposes arbitrary code execution if a renderer processes the Markdown ...

CVE-2017-9785

Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie...

CVE-2017-9785

Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie...

CVE-2017-9785

CVE-2017-9785 affects NancyFX Nancy (Csrf.cs) prior to 1.4.4 and 2.x prior to 2.0-dangermouse. It enables Remote Code Execution through deserialization of JSON data in a CSRF cookie. Root cause: unsafe deserialization in cookie handling. Impact: RCE with network access; high severity. Remediation...

CVE-2016-9785

...

CVE-2014-9785

Affected software/hardware: Android on Nexus 7 (2013) with Qualcomm drivers, specifically drivers/misc/qseecom.c. Vulnerability details: The code path does not validate addresses before copying data, enabling a local attacker to gain privileges via a crafted application. Root cause is improper ad...