
251 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-0097

Malware in sbrugna...

CVSS 7.5, AI score 8.5, EPSS 0.00662
Exploits 0, References 8

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2017-5736

Malware in sbrugna...

CVSS 7.5, AI score 5.8, EPSS 0.01612
Exploits 0, References 9

Tenable Nessus
added 2025/06/09 12:0 a.m., 3 views

NewStart CGSL MAIN 7.02 : openssh Vulnerability (NS-SA-2025-0089)

The remote NewStart CGSL host, running version MAIN 7.02, has openssh packages installed that are affected by a vulnerability: - A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a...

CVSS 6.8, AI score 7, EPSS 0.64523
Exploits 4, References 3

RedhatCVE
added 2025/05/23 12:7 a.m., 6 views

CVE-2022-43969

Ricoh mpc4504ex devices with firmware 1.06 mishandle credentials...

CVSS 9.1, AI score 7.1, EPSS 0.00323
Exploits 0, References 1

RedhatCVE
added 2025/05/22 10:56 a.m., 7 views

CVE-2017-18897

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection...

CVSS 6.1, AI score 7, EPSS 0.00197
Exploits 0, References 1

RedhatCVE
added 2025/05/22 9:10 a.m., 6 views

CVE-2018-1002205

DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

CVSS 5.5, AI score 6.7, EPSS 0.01184
Exploits 0, References 1

RedhatCVE
added 2025/05/22 8:21 a.m., 5 views

CVE-2019-10984

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers...

CVSS 7.8, AI score 7, EPSS 0.00155
Exploits 0, References 1

RedhatCVE
added 2025/04/12 12:1 a.m., 51 views

CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

CVSS 9.8, AI score 7.2, EPSS 0.78947
Exploits 2, References 1

Vulnrichment
added 2024/09/02 4:30 p.m., 16 views

CVE-2024-45305 gix-path uses local config across repos when it is the highest scope

gix-path is a crate of the gitoxide project dealing with git paths and their conversions. gix-path executes git to find the path of a configuration file that belongs to the git installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped...

CVSS 2.5, AI score 5.9, EPSS 0.00033
Exploits 0, References 4

NVD
added 2024/07/07 3:15 p.m., 9 views

CVE-2024-40614

EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php?menuaction=EGroupware\Api\Etemplate\Widget\Nextmatch::ajaxgetrows sort.id SQL injection by authenticated users for Address Book or InfoLog sorting...

CVSS 9.8, EPSS 0.00146
Exploits 0, References 7

Mageia
added 2024/06/27 5:12 p.m., 36 views

Updated wget packages fix security vulnerability

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. CVE-2024-38428...

CVSS 9.1, AI score 7.1, EPSS 0.00197
Exploits 0, References 2

UbuntuCve
added 2024/06/16 3:15 a.m., 37 views

CVE-2024-38428

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent...

CVSS 9.1, AI score 6.8, EPSS 0.00197
Exploits 0, References 4

Tenable Nessus
added 2024/06/03 12:0 a.m., 19 views

RHEL 7 : ghostscript (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ghostscript: use-after-free in xpsfinishimagepath in devices/vector/gdevxps.c could result in a privilege...

CVSS 7.8, AI score 7.6, EPSS 0.02807
Exploits 42, References 50

CVE
added 2024/05/22 5:42 p.m., 105 views

CVE-2024-31617

OpenLiteSpeed before 1.8.1 mishandles chunked encoding. Affected software: OpenLiteSpeed (web server). Root cause: mishandling of chunked encoding. Impact stated in sources is limited to the server misbehavior; no explicit exploitation details are provided in the documents. Mitigation: upgrade to...

CVSS 5.3, AI score 6.8, EPSS 0.00135
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2024/05/05 12:0 a.m., 14 views

CVE-2024-34519

Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has...

AI score 6.9, EPSS 0.00026
Exploits 0, References 2

Tenable Nessus
added 2024/04/27 12:0 a.m., 20 views

RHEL 7 : openvswitch (RHSA-2019:0081)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0081 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic...

CVSS 7.5, AI score 6.4, EPSS 0.02077
Exploits 1, References 11

RedhatCVE
added 2024/03/29 9:31 a.m., 30 views

CVE-2024-28960

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...

CVSS 5.3, AI score 7, EPSS 0.0015
Exploits 0, References 4

Vulnrichment
added 2024/03/29 12:0 a.m., 12 views

CVE-2024-28960

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...

AI score 6.7, EPSS 0.0015
Exploits 0, References 5

OpenVAS
added 2024/03/04 12:0 a.m., 16 views

openSUSE: Security Advisory for MozillaFirefox (SUSE-SU-2023:0113-1)

The remote host is missing an update for the...

CVSS 8.8, AI score 7.5, EPSS 0.00786
Exploits 0, References 2

Prion
added 2024/02/26 4:28 p.m., 11 views

Input validation

pretix before 2024.1.1 mishandles file validation...

AI score 7.2, EPSS 0.00232
Exploits 0, References 1