14 matches found
EUVD-2024-54869
Malicious code in bioql PyPI...
Moderate: Red Hat Security Advisory: python38:3.8 and python38-devel:3.8 security update
An update for the python38:3.8 and python38-devel:3.8 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Moderate: python-pip security update
pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Security Fixes: python: tarfile...
CVE-2023-42796
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.11, CP-8050 MASTER MODULE All versions CPCI85 V05.11. The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint. This could allow an authenticated remote...
Issabel PBX security vulnerability
Issabel PBX is a free and open source software application that allows you to build communication tools for your organization. A security vulnerability exists in Issabel PBX version v.4.0.0-6 that allows any remote attacker to view application-sensiti...
CVE-2023-29402
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...
CVE-2013-6358
PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory...
Directory traversal
PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory...
CVE-2013-6358
PrestaShop 1.5.5 is affected: remote authenticated attackers can execute arbitrary code by uploading a crafted profile and then accessing it under the module/ directory. Root cause is improper handling of uploaded profiles allowing code execution. Impact is high (remote code execution) per CVE re...
SUSE SLED12 / SLES12 Security Update : systemd, dracut (SUSE-SU-2017:1898-1)
This update for systemd and dracut fixes the following issues: Security issues fixed : - CVE-2017-9445: Possible out-of-bounds write triggered by a specially crafted TCP payload from a DNS server. bsc1045290 Non-security issues fixed in systemd : - Automounter issue in combination with NFS volume...
openSUSE Security Update : samba (openSUSE-2017-437)
This update for samba fixes the following issues : Security issues fixed : - CVE-2017-2619: Symlink race permits opening files outside share directory bsc1027147. Bugfixes : - Force usage of ncurses6-config thru NCURSESCONFIG env var bsc1023847. - Add missing ldb module directory bsc1012092. -...
CVE-2007-4829
Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS 2.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the MODULEDIR parameter to (1) core/modules/my/my.module.php or (2) core/modules/xml/xml.module.php; the COREROOT parameter to (3) config.loader.php, (4)...