89 matches found
MiracleLinux 8 : libreoffice-6.0.6.1-20.el8 (AXSA:2020-840:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-840:02 advisory. libreoffice: Insufficient URL validation allowing LibreLogo script execution (CVE-2019-9850); libreoffice: LibreLogo global-event script execution...
CVE-2025-9850
creationtimestamp | type | source
---|---|---
2025-09-11 11:32:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lyknmgba4q2c...
WordPress Evenium plugin <= 1.3.11 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Evenium versions <= 1.3.11...
Linux Distros Unpatched Vulnerability : CVE-2016-9850
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to...
Alibaba Cloud Linux 3 : 0038: libreoffice (ALINUX3-SA-2022:0038)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0038 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-9849: LibreOffice has a 'stealth...
Linux Distros Unpatched Vulnerability : CVE-2014-9850
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). (CVE-2014-9850) Note that Nessus relies on the...
Linux Distros Unpatched Vulnerability : CVE-2020-9850
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10...
CVE-2024-9850 SVG Case Study <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The SVG Case Study plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, t...
CVE-2024-9850
CVE-2024-9850 : SVG Case Study plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability via SVG file uploads in all versions up to and including 1.0. The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers with Autho...
WordPress SVG Case Study Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: SVG Case Study; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9850; Patch priority: Low; CVSS severity: Low (5.9); PSID: 170c145ba154; Credits: Francesco Carlucci; Required...
FreeBSD : Gitlab -- vulnerabilities (fbc2c629-0dc5-11ef-9850-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fbc2c629-0dc5-11ef-9850-001b217b3468 advisory. - Gitlab reports: ReDoS in branch search when using wildcards; ReDoS in markdown render pipelin...
Important: libreoffice
Issue Overview: LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into...
Debian: Security Advisory (DLA-757-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2019-0340)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2020:1992-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2020:2069-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2020:1990-1)
The remote host is missing an update for the...
CVE-2020-9850
creationtimestamp | type | source
---|---|---
2020-10-01 14:59:34+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/browser/safariinoperatorsideeffect.rb
2025-02-06 03:13:44+00:00 | seen | MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd
2025-02-23 04:10:32+00:00 | ...
Safari Type Confusion / Sandbox Escape Exploit
This Metasploit module exploits an incorrect side-effect modeling of the 'in' operator. The DFG compiler assumes that the 'in' operator is side-effect free; however, the embed element with the PDF plugin provides a callback that can trigger side-effects leading to type confusion (CVE-2020-9850). The...
SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:2069-1)
This update for webkit2gtk3 fixes the following issues: Update to version 2.28.3 (bsc#1173998): + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. +...