786 matches found
EUVD-2022-52421
Malicious code in bioql PyPI...
EUVD-2022-30802
Malicious code in bioql PyPI...
BIT-NIFI-2020-13940
In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE...
Linux Distros Unpatched Vulnerability : CVE-2016-3900
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cmds/servicemanager/servicemanager.c in ServiceManager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does...
Silent Pivot: Detecting Fileless Lateral Movement via Service Manager with Trellix NDR
Silent Pivot: Detecting Fileless Lateral Movement via Service Manager with Trellix NDR By Maulik Maheta and Lishoy Mathew · September 8, 2025 Executive summary The tactics of cyber adversaries continue to evolve as they attempt to bypass security vendors. Rather than traditional malware, today’s...
CVE-2025-31979
A File Upload Validation Bypass vulnerability has been identified in the HCL BigFix SM, where the application fails to properly enforce file type restrictions during the upload process. An attacker may exploit this flaw to upload malicious or unauthorized files, such as scripts, executables, or w...
Malicious code in f0-service-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3c1c79e59e1f33e79ec5042730e0bfb49f02f35acd0399884dbdac006aebcbbd The OpenSSF Package Analysis project identified 'f0-service-manager' @ 4.1.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6866 Malicious code in f0-service-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3c1c79e59e1f33e79ec5042730e0bfb49f02f35acd0399884dbdac006aebcbbd The OpenSSF Package Analysis project identified 'f0-service-manager' @ 4.1.0 npm as malicious. It is considered malicious because: - The package...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to improper access control due to Apache Commons BeanUtils (CVE-2025-23184)
Summary Apache Commons BeanUtils is shipped with IBM Tivoli Business Service Manager as part of its backend process to handle Java Beans. Information about a security vulnerability affecting Apache Commons BeanUtils has been published in a security bulletin. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION:...
Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to denial of service attack due to Apache CXF (CVE-2025-23184)
Summary Apache CXF is shipped with IBM Tivoli Business Service Manager as part of the web services framework. Information about a security vulnerability affecting Apache CXF has been published in a security bulletin. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of...
[SECURITY] Fedora 41 Update: systemd-256.15-1.fc41
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses sock et and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...
[SECURITY] Fedora 42 Update: systemd-257.6-1.fc42
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses sock et and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...
CVE-2024-3250
It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2,...
CVE-2021-38560
Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx...
CVE-2021-39806
In closef of labelbackendsandroid.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User...
CVE-2020-9521
An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation SMA, affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being...
CVE-2020-9518
Login filter can access configuration files vulnerability in Micro Focus Service Manager Web Tier, affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data...
CVE-2020-9519
HTTP methods reveled in Web services vulnerability in Micro Focus Service manager server, affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data...