21 matches found
RHCOS : OpenShift Container Platform 4.8.25 (RHSA-2021:5208)
The remote Red Hat Enterprise Linux CoreOS host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5208 advisory. - haproxy: does not ensure that the scheme and path portions of a URI have the expected characters (CVE-2021-39240) - haproxy: an HTTP...
EUVD-2021-13980
Malware in sbrugna...
EUVD-2010-2234
Malware in sbrugna...
EUVD-2018-3642
Malware in sbrugna...
PT-2025-27274 · Marvell · Qconvergeconsole
Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole affected versions not specified Description: This issue allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole without requiring authentication. The problem lies in the...
CVE-2023-46745
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user account...
CVE-2020-21650
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add method...
CVE-2020-21651
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add method...
CVE-2010-2218
Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service via unspecified vectors, related to a "JS method issue."...
CVE-2024-9877 Sensitive information submitted using GET method
Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini. This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4...
crossbeam-channel Vulnerable to Double Free on Drop
The internal Channel type's Drop method has a race which could, in some circumstances, lead to a double-free. This could result in memory corruption. Quoting from the upstream description in merge request #1187: The problem lies in the fact that dicardallmessages contained two paths that could le...
Linux Distros Unpatched Vulnerability : CVE-2018-7182
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet...
Moderate: Red Hat Security Advisory: python3.11-urllib3 security update
An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2023-51645
CVE-2023-51645 affects Allegra via unzipFile directory traversal that enables remote code execution. Root cause: improper validation of user-supplied paths used in file operations. Impact: code execution in the LOCAL SERVICE context. Authentication is required to exploit, but bypass is possible p...
PT-2024-32293 · Sympy +1 · Sympy +1
Name of the Vulnerable Software and Affected Versions: langchain experimental versions 0.1.17 through 0.3.0 Description: The issue allows attackers to execute arbitrary code through sympy.sympify which uses eval in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in a specific commit on...
PT-2023-18112 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: In the Input Method, there is a possible way to determine whether an app is installed without query permissions due to side channel information disclosure. This could lead to local...
SUSE CVE-2010-0840
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...
Unspecified Vulnerability in Mozilla Rust (CNVD-2021-33046)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the standard library in Rust prior to version 1.29.0, which stems from weak synchronization in the Arc::get_mut method. This synchronization issue could lead to memory safety...
CVE-2018-19530
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting...
java-1.6.0-openjdk security update
1:1.6.0.0-1.43.1.10.6 - Updated to IcedTea6 1.10.6 - Resolves: rhbz787144 - Security fixes - S7082299: Fix in AtomicReferenceArray - S7088367: Fix issues in java sound - S7110683: Issues with some KeyboardFocusManager method - S7110687: Issues with TimeZone class - S7110700: Enhance exception...