
1231 matches found

OSV
added 2024/06/25 1:24 p.m. · 2 views

MAL-2024-4234 Malicious code in Be.Vlaaոderеn.Basisregisters.AdԁressRegіstry.Api.Extract (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits 0

OSSF Malicious Packages
added 2024/06/25 1:24 p.m. · 3 views

Malicious code in Be.Vlaaոderеn.Basisregisters.AdԁressRegіstry.Api.Extract (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0

OSV
added 2024/06/25 1:24 p.m. · 6 views

MAL-2024-4248 Malicious code in Be.Vlaаnderen.Basisregisters.MuոіcipalityRеgistry.Api.Extract (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits 0

OSV
added 2024/06/25 1:24 p.m. · 6 views

MAL-2024-4298 Malicious code in Be.Vlаandеren.Basisregisters.PostаlRegistry.Apі.Extract (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits 0

OSSF Malicious Packages
added 2024/06/25 1:24 p.m. · 1 views

Malicious code in Be.Vlаandеren.Basisregisters.PostаlRegistry.Apі.Extract (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0

OSSF Malicious Packages
added 2024/06/25 1:23 p.m. · 2 views

Malicious code in Bе.Vlaanderen.Basisregіsters.StreetNameRegistry.Api.Extract (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0

OSV
added 2024/06/25 1:23 p.m. · 4 views

MAL-2024-4396 Malicious code in Bе.Vlaanderen.Basisregіsters.StreetNameRegistrу.Api.Extrаct (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits 0

OSV
added 2024/06/15 12:0 a.m. · 2 views

OPENSUSE-SU-2024:10523-1 perl-Archive-Extract-0.78-1.1 on GA media

These are all security issues fixed in the perl-Archive-Extract-0.78-1.1 package on the GA media of openSUSE Tumbleweed...

7.8 CVSS · 8 AI score · 0.00317 EPSS
Exploits 0 · References 1

OSV
added 2024/06/14 11:8 a.m. · 1 views

OESA-2024-1733 tracker3-miners security update

Tracker is an efficient search engine and for desktop, embedded and mobile. Security Fixes: A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by ...

7.7 CVSS · 7.3 AI score · 0.00045 EPSS
Exploits 1 · References 2

Cvelist
added 2024/06/07 12:0 a.m. · 12 views

CVE-2023-49223

Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive information...

0.00539 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/06/07 12:0 a.m. · 15 views

CVE-2023-49223

Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive information...

6.5 AI score · 0.00539 EPSS
Exploits 0 · References 1

CVE
added 2024/06/07 12:0 a.m. · 41 views

CVE-2023-49223

CVE-2023-49223 affects Precor touchscreen console models P62, P80, and P82. Root password is stored in /etc/passwd, enabling a remote attacker to obtain sensitive information and potentially extract files. The impact is described as high confidentiality and integrity risk; attack vector is remote...

8.8 CVSS · 6.1 AI score · 0.00539 EPSS
Exploits 0 · References 1

OSV
added 2024/05/31 11:8 a.m. · 1 views

OESA-2024-1670 tracker3-miners security update

Tracker is an efficient search engine and for desktop, embedded and mobile. Security Fixes: A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by ...

7.7 CVSS · 7.3 AI score · 0.00045 EPSS
Exploits 1 · References 2

Positive Technologies
added 2024/05/22 12:0 a.m. · 2 views

PT-2024-29447 · WordPress · Contact Form Plugin By Fluent Forms

Name of the Vulnerable Software and Affected Versions: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress versions up to, and including, 5.1.15 Description: The issue is related to PHP Object Injection via deserialization of untrusted...

8.8 CVSS · 7 AI score · 0.00476 EPSS
Exploits 1 · References 7

RedHat Linux
added 2024/04/30 10:18 a.m. · 3 views

tcpslice: use-after-free in extract_slice()

A heap use-after-free flaw was found in tcpslices' extract_slice. This flaw allows an attacker with local network access to pass a specially crafted 'pcap' file to tcpslice, causing segmentation fault. This vulnerability halts or crashes the application, leading to a denial of service...

5.5 CVSS · 6 AI score · 0.00243 EPSS
Exploits 1 · References 5

Github Security Blog
added 2024/04/22 3:56 p.m. · 21 views

JADX file override vulnerability

Summary when jadx parses a resource file, there is an escape problem with the style file, which can overwrite other files in the directory when saving the decompile result. Although I don't think this vulnerability realizes path traversal in the true sense of the word , I reported it anyway Detai...

7.1 AI score
Exploits 0 · References 3 · Affected Software 1

Qualys Blog
added 2024/04/22 2:0 p.m. · 22 views

WordPress LayerSlider Plugin: SQL Injection Vulnerability

On March 25th, 2024, a critical security vulnerability was discovered in the LayerSlider plugin for WordPress, marked as CVE-2024-2879. The plugins have more than 10 lakh active installations. This flaw, rated with a CVSS score of 7.5 out of 10.0, is identified as an SQL injection vulnerability...

5 CVSS · 8.2 AI score · 0.93671 EPSS
Exploits 1

CVE
added 2024/04/09 6:58 p.m. · 54 views

CVE-2024-2018

CVE-2024-2018 affects the WP Activity Log Premium plugin for WordPress. The vulnerability is an SQL Injection via entry->roles in all versions up to 4.6.4, caused by insufficient escaping of the user-supplied parameter and insufficient preparation of the SQL query. This can enable authenticate...

8.8 CVSS · 8.6 AI score · 0.00549 EPSS
Exploits 0 · References 2 · Affected Software 1

Tenable Nessus
added 2024/03/30 12:0 a.m. · 20 views

Fedora 38 : ghc-base64 / ghc-hakyll / gitit / pandoc / patat (2024-6ad6b9f417)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-6ad6b9f417 advisory. Security fix for CVE-2023-35936 and CVE-2023-38745 - pandoc: backport fixes for CVE-2023-35936 and CVE-2023-38745 - base64 now packaged in Fedora...

6.3 CVSS · 6 AI score · 0.00049 EPSS
Exploits 1 · References 3

OSV
added 2024/03/06 10:52 a.m. · 34 views

BIT-DJANGO-2022-34265

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...

9.8 CVSS · 9.6 AI score · 0.92834 EPSS
Exploits 3 · References 8