10 matches found
VulnCheck KEV: CVE-2025-58443
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials. A fix is...
EUVD-2025-27087
Malicious code in bioql PyPI...
CVE-2025-58443 FOG's authentication bypass leads to full SQL DB dump
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials. A fix is...
CVE-2022-36039
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to out-of-bounds write when parsing DEX files. A user opening a malicious DEX file could be affected by this vulnerability, allowing an attacker to execute code on the user's...
GHSA-P757-4V3P-J74F Known vulnerable to account takeover via host header injection attack in v1.3.1
Known v1.3.1 was discovered to allow attackers to perform an account takeover via a host header injection attack. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x...
Known v1.3.1 contains Insecure Direct Object Reference
Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev...
Known vulnerable to code execution via SVG file in v1.3.1
An issue in the isSVG function of Known v1.3.1 allows attackers to execute arbitrary code via a crafted SVG file. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x...
Fedora 30 : xar (2020-bbd24dd0cf)
The remote Fedora 30 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2020-bbd24dd0cf advisory. - Use Apple upstream instead of non-fresh Github one - New upstream in 1.8 dev branch with 417.1 subversion - Close CVE-2018-17093 - Close...
Ubuntu Vivid Upstart Privilege Escalation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Although just reported to Ubuntu, this minor dev-branch issue was already made public. As the launchpad/lkml/... feed-miners should not play all the games alone, and as others may want to learn how beginner errors still make it into packages of quite...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the orderedmalloc function in boost/pool/pool.hpp. An attacker can perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated...