29 matches found
@bpa-solutions/assistant (>=13.5.0 <=13.5.0-dev), @mazaal-dev/piece-markdown-to-pdf (=0.0.2) +1 more potentially affected by CVE-2025-65108 via md-to-pdf (>=5.0.1 <=5.2.4)
md-to-pdf NPM version =5.0.1, =13.5.0, =0.11.1, =0.11.2 Source cves: CVE-2025-65108 Source advisory: SNYK:JS-MDTOPDF-14089788...
EUVD-2021-7043
Malicious code in bioql PyPI...
CVE-2024-50996
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpaserver parameter at geniebpa.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request...
PT-2024-8363 · NetGear · Netgear Xr300 +3
Name of the Vulnerable Software and Affected Versions: Netgear R8500 version 1.0.2.160; Netgear XR300 version 1.0.3.78; Netgear R7000P version 1.3.3.154; Netgear R6400 v2 version 1.0.4.128. Description: The issue is related to a stack overflow vulnerability in the genie bpa.cgi script, specifically v...
MAL-2024-1837 Malicious code in bpa-trello-dashboard (npm)
Malicious code in bpa-trello-dashboard (npm)
Malicious code in odesk.bpa-tsf-calc-bundle (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 913d44e6393e1a341f574267f3a31fb22effca6602c910ed05a2274faf14437a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Last Week’s Security news: PrintNightmare patches and Metasploit, Kaseya CVEs, Morgan Stanley Accellion FTA, Cisco BPA and WSA, Philips Vue PACS, CISA RVAs, Lazarus job offers
Hello guys! The third episode of Last Week’s Security news, July 5 - July 11. There was a lot of news last week. Most of it was again about PrintNightmare and Kaseya. The updates for PrintNightmare CVE-2021-34527 were finally released mid-week. It became possible not only to disable the service...
Cisco BPA, WSA Bugs Allow Remote Cyberattacks
A set of high-severity privilege-escalation vulnerabilities affecting the Business Process Automation (BPA) application and Cisco’s Web Security Appliance (WSA) could allow authenticated, remote attackers to access sensitive data or take over a targeted system. The first two bugs CVE-2021-1574 and...
CVE-2021-1576
Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to...
CVE-2021-1574
Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to...
Authorization
Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to...
CVE-2021-1576 Cisco Business Process Automation Privilege Escalation Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to...
CVE-2021-1576
Cisco BPA web-based management interface (pre-3.1) contains privilege-escalation vulnerabilities due to improper authorization for specific features and log-file access. An attacker with valid credentials and an active session could elevate to Administrator by sending crafted HTTP requests or exf...
CVE-2021-1574
Cisco BPA privilege-escalation vulnerabilities (CVE-2021-1574) affect the web-based management interface of Cisco Business Process Automation prior to release 3.1. The root cause is improper authorization enforcement for certain management features and access to log files containing confidential ...
CVE-2018-2400
Under certain conditions SAP Business Process Automation (BPA) By Redwood, 9.00, 9.10, allows an attacker to access information which would otherwise be restricted...
Authentication flaw
Under certain conditions SAP Business Process Automation (BPA) By Redwood, 9.00, 9.10, allows an attacker to access information which would otherwise be restricted...
CVE-2018-2366
SAP Business Process Automation (BPA) by Redwood (versions 9.0 and 9.1) is affected by a directory-traversal vulnerability caused by insufficient validation of user-supplied path information. An attacker can use the "../" traversal sequence to access arbitrary files on the server, potentially exp...