101 matches found
EUVD-2016-8383
Malware in sbrugna...
EUVD-2019-8868
Malware in sbrugna...
EUVD-2023-57830
Malicious code in bioql PyPI...
EUVD-2023-35453
Malicious code in bioql PyPI...
CVE-2025-54571 ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...
CVE-2024-27829
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution...
PT-2025-13283 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak bug has been identified in the Linux kernel, specifically in the ufx usb probe function. The error handling code in this function has several issues, including missing uf...
CVE-2022-49444
In the Linux kernel, the following vulnerability has been resolved: module: fix eshstrndx.shsize=0 OOB access It is trivial to craft a module to trigger OOB access in this line: if info-secstringsstrhdr-shsize - 1 != '\0' BUG: unable to handle page fault for address: ffffc90000aa0fff PGD 10000006...
PT-2025-2937 · Suse +1 · Suse Linux Enterprise Server +1
Name of the Vulnerable Software and Affected Versions: Teradata versions prior to 2024-11-04 Description: The issue concerns the mismanagement of groups by certain Teradata account-handling code when used with SUSE Enterprise Linux Server. Specifically, during an operating system change from SUSE...
CVE-2024-56707
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2mboxgetrsp errors in otx2dmacflt.c Add error pointer checks after calling otx2mboxgetrsp...
CVE-2024-45294
A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1795)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1736)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
pgAdmin prior to version 8.4 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is...
Ubuntu 20.04 LTS : Bind vulnerabilities (USN-6642-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6642-1 advisory. Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote attacker...
ISC BIND DoS Vulnerability (CVE-2023-5517) - Linux
ISC BIND is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind"; if...
CVE-2023-5517 Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled
A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect ; is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versio...
Ubuntu 22.04 LTS / 23.10 : Bind vulnerabilities (USN-6633-1)
The remote Ubuntu 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6633-1 advisory. Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote...
ISC BIND 9.12.0 < 9.16.48 / 9.16.8-S1 < 9.16.48-S1 / 9.18.0 < 9.18.24 / 9.18.11-S1 < 9.18.24-S1 / 9.19.0 < 9.19.21 Assertion Failure (cve-2023-5517)
The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-5517 advisory. - A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect ; is...
Denial of Service via reachable assertion
A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is hig...