2293 matches found
Malicious code in browser-history-analysis (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 032a326beadf36ce66d29555a7dacc90d6dfc733435dc61852cbc1e5128ee73d When starting the server with expected functionality with potentially sensitive content, the package silently sends the location external IP to a remote...
Malicious code in browser-history-analytics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e1ac674eaa856956dea531487502bd21a51f5324bdfcaf788645bbbb41eb27f5 When starting the server with expected functionality with potentially sensitive content, the package silently sends the location external IP to a remote...
CVE-2024-34711
GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities XEE attack, then send GET request to any HTTP server. By default, GeoServer use...
CVE-2023-50178
An improper certificate validation vulnerability CWE-295 in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication...
[SECURITY] Fedora 41 Update: zsync-0.6.2-3.fc41
zsync is a file transfer program. It allows you to download a file from a remote server, where you have a copy of an older version of the file on your computer already. zsync downloads only the new parts of the file. It uses the same algorithm as rsync. However, where rsync is designed for...
CVE-2023-46307
An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system...
[SECURITY] Fedora 42 Update: zsync-0.6.2-3.fc42
zsync is a file transfer program. It allows you to download a file from a remote server, where you have a copy of an older version of the file on your computer already. zsync downloads only the new parts of the file. It uses the same algorithm as rsync. However, where rsync is designed for...
CVE-2022-45434
Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP...
CVE-2021-32198
EmTec ZOC through 8.02.4 allows remote servers to cause a denial of service Windows GUI hang by telling the ZOC window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or similar delay upon...
CVE-2021-21957
A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2020-7126
A remote server-side request forgery ssrf vulnerability was discovered in Aruba Airwave Software versions: Prior to 1.3.2...
CVE-2019-10290
A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpldoValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2012-4669
M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...
CVE-2009-5009
Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service application crash or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation...
Security Bulletin: IBM WebSphere Application Server, which is bundled with WebSphere Remote Server, is affected by a cross-site scripting vulnerability due to user ability to embed arbitrary JavaScript code in the Web UI (CVE-2025-33104)
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
CVE-2025-0936 On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly
On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers i.e...
CVE-2025-0936
CVE-2025-0936 affects Arista EOS with a gNMI transport enabled, where using the gNOI File TransferToRemote RPC with remote-credentials can cause those credentials to be logged on the local EOS device or on remote accounting servers (TACACS, RADIUS). The issue is triggered when the OpenConfig gNOI...
CVE-2025-0936 On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly
On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers i.e...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2022-25690)
Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Ubuntu 20.04 LTS : Linux kernel (IBM) vulnerabilities (USN-7458-1)
"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7458-1 advisory. Attila Szsz discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a...