8 matches found
EUVD-2023-58326
Malicious code in bioql PyPI...
CVE-2023-6071
An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source...
CVE-2023-6070
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn...
CVE-2024-11481
A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints...
Command injection
An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source...
USN-4757-2: wpa_supplicant and hostapd vulnerability
USN-4757-1 fixed a vulnerability in wpa_supplicant and hostapd. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that wpa_supplicant did not properly handle P2P Wi-Fi Direct provision discovery requests in some situations. A physically...
@amcorvi/loadout (>=0.0.0 <=0.1.2), @amory/clean (>=2018.8.13-0 <=2018.8.13-2) +152 more potentially affected by unknown CVE via esm (>=3.0.14 <=3.0.84)
esm NPM version =3.0.14, =0.0.0, =2018.8.13-0, =2018.8.13-0, =2018.8.9-0, =2018.10.14-0, =2018.10.16-0, =2018.8.13-0, =2018.10.14-0, =2018.10.12-0, =2018.8.8-0, =2018.8.13-0, =0.4.1, =2.1.0, =2.2.0, =2.1.0, =2.3.0-beta.10 and more. Source CVEs: unknown CVE. Source advisory: OSV:GHSA-QX4V-6GC5-F2VV...
USN-3689-2: Libgcrypt vulnerability
USN-3689-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover ECDSA private ke...