12 matches found
EUVD-2022-35449
Malicious code in bioql PyPI...
CVE-2024-56731
Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instanc...
CVE-2021-38448
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...
GHSA-9PP6-WQ8C-3W2C Gogs allows argument injection during the previewing of changes
Impact: Unprivileged user accounts can write to arbitrary files on the filesystem. We could demonstrate its exploitation to force a re-installation of the instance, granting administrator rights. It allows accessing and altering any user's code hosted on the same instance. Patches: Unintended Git...
PT-2023-12746 · Insyde · InsydeH2O
Name of the Vulnerable Software and Affected Versions: InsydeH2O versions 5.2 before 05.27.29; InsydeH2O versions 5.3 before 05.36.29; InsydeH2O versions 5.4 before 05.44.13; InsydeH2O versions 5.5 before 05.52.13. Description: A TOCTOU race-condition issue allows an attacker to alter data and code...
CVE-2022-30244
Honeywell Alerton Ascent Control Module ACM through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program...
CVE-2021-38448
CVE-2021-38448 affects Trane Symbio controllers (Symbio 700 and Symbio 800). The root cause is improper sanitization of input containing code syntax, allowing a crafted input to alter controller flow and potentially execute arbitrary code. Public advisories (ICS-CERT/US-CISA) link this to code in...
CVE-2021-38450
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...
Design/Logic Flaw
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...
Improper access control
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9640, SDM630, MSM8976, MSM8937, SDM845, MSM8976, and MSM8952, when running module or kernel code with improper access control allowing writing to arbitrary regions of memory, the user may utilize this...
CVE-2016-10442
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9640, SDM630, MSM8976, MSM8937, SDM845, MSM8976, and MSM8952, when running module or kernel code with improper access control allowing writing to arbitrary regions of memory, the user may utilize this...
Debian Security Advisory DSA 208-1 (perl, perl-5.004, perl-5.005)
The remote host is missing an update to perl, perl-5.004, perl-5.005 announced via advisory DSA 208-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...