
120 matches found

OSV
added 2024/07/26 4:53 p.m. · 5 views

MAL-2024-12371 Malicious code in yt-yson-bindings (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 870d6e991bf31676829c84080af299f206568bc11d6f9b42bf5fe2dca50cb79d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2 AI score
Exploits: 0 · References: 1

OSV
added 2024/07/26 4:53 p.m. · 4 views

MAL-2024-12315 Malicious code in oaieval (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fd257dee43f966eaacc56e07462eae9170a8a81dc1be6f0df9145f8c3a44de59 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2 AI score
Exploits: 0 · References: 1

OSV
added 2024/07/26 4:53 p.m. · 6 views

MAL-2024-12357 Malicious code in szn-url (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8dbd5099f883c22c11b6c3e27f199e23751f72efa73b3aac476a63ab17dda5dd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2 AI score
Exploits: 0 · References: 1

NVD
added 2021/07/22 7:15 p.m. · 16 views

CVE-2021-3198

By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0...

9 CVSS · 0.03307 EPSS
Exploits: 1 · References: 1

OpenVAS
added 2021/03/12 12:00 a.m. · 10 views

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2021-1648)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 CVSS · 7.9 AI score · 0.03028 EPSS
Exploits: 1 · References: 2

OPENSUSE Linux
added 2021/02/10 12:00 a.m. · 42 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium
Announcement ID: openSUSE-SU-2021:0268-1
Rating: important
References: 1181772
Cross-References: CVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145 CVE-2021-21146 CVE-2021-21147
Affected Products: openSUSE Backports SLE-15-SP2
An...

9.6 CVSS · 8.5 AI score · 0.01116 EPSS
Exploits: 0 · References: 1

NVD
added 2020/09/04 8:15 p.m. · 23 views

CVE-2019-20916

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py...

7.5 CVSS · 7.6 AI score · 0.03028 EPSS
Exploits: 1 · References: 8

Prion
added 2020/09/04 8:15 p.m. · 22 views

Directory traversal

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py...

5 CVSS · 7.4 AI score · 0.03028 EPSS
Exploits: 1 · References: 8 · Affected Software: 5

OSV
added 2020/09/04 8:15 p.m. · 57 views

PYSEC-2020-173

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py...

7.5 CVSS · 3.7 AI score · 0.03028 EPSS
Exploits: 1 · References: 7

Cvelist
added 2020/09/04 7:20 p.m. · 28 views

CVE-2019-20916

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py...

7.8 AI score · 0.03028 EPSS
Exploits: 1 · References: 8

Debian CVE
added 2020/09/04 7:20 p.m. · 46 views

CVE-2019-20916

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py...

7.5 CVSS · 7.6 AI score · 0.03028 EPSS
Exploits: 1

OSV
added 2019/09/13 6:15 p.m. · 19 views

CVE-2019-5484

Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted...

7.5 CVSS · 6.8 AI score
Exploits: 0 · References: 5

NVD
added 2019/09/13 6:15 p.m. · 17 views

CVE-2019-5484

Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted...

7.5 CVSS · 7.6 AI score · 0.02566 EPSS
Exploits: 1 · References: 5

Prion
added 2019/09/13 6:15 p.m. · 14 views

Path traversal

Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted...

5 CVSS · 7.6 AI score · 0.02566 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

CVE
added 2019/09/13 5:30 p.m. · 278 views

CVE-2019-5484

CVE-2019-5484 – Bower path traversal. Affects Bower up to version 1.8.7; older releases permit writing files to arbitrary locations during extraction of a malicious package via the install command. Root cause is improper validation of extracted paths, enabling directory traversal and arbitrary f...

7.5 CVSS · 7.3 AI score · 0.02566 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

AlpineLinux
added 2019/09/13 5:30 p.m. · 20 views

CVE-2019-5484

Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted...

7.5 CVSS · 5.5 AI score · 0.02566 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2019/09/13 12:00 a.m. · 3 views

PT-2019-17702 · Twitter · Bower

Name of the Vulnerable Software and Affected Versions: bower versions prior to 1.8.8 Description: The issue allows for a path traversal vulnerability, enabling file write in arbitrary locations via the install command. This occurs because bower does not verify that extracted symbolic links do not...

7.5 CVSS · 7.6 AI score · 0.02566 EPSS
Exploits: 1 · References: 12

Tenable Nessus
added 2010/10/22 12:00 a.m. · 11 views

AIX 610004 : U836760

The remote host is missing AIX PTF U836760 which is related to the security of the package devices.vdevice.IBM.l-lan.rte. You should install this PTF for your system to be up-to-date. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. if ( ! defined_func("bn_random") ) exit(0);...

5.5 AI score
Exploits: 0

Tenable Nessus
added 2010/08/26 12:00 a.m. · 12 views

AIX 610003 : U836924

The remote host is missing AIX PTF U836924 which is related to the security of the package bos.cpr. You should install this PTF for your system to be up-to-date. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. if ( ! defined_func("bn_random") ) exit(0); include('deprecated_nasl_level.inc');...

5.5 AI score
Exploits: 0

Tenable Nessus
added 2004/07/25 12:00 a.m. · 16 views

SUSE-SA:2002:048: cyrus-imapd

The remote host is missing the patch for the advisory SUSE-SA:2002:048 cyrus-imapd. The cyrus imapd contains a buffer overflow which could be exploited by remote attackers prior to logging in. Attackers could generate oversized error messages and overflow buffers inside imapd. Additionally to thi...

5.9 AI score
Exploits: 0