15 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-13462
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The tarfile module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or...
DEBIAN-CVE-2025-13462
The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...
CVE-2025-6589 With MultiBlocks enabled and a user who is suppressed via a MultiBlock, a user without 'hideuser' can see the hidden username in the BlockList
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php. This issue affects MediaWiki: = 1.42.0...
EUVD-2012-2076
Malware in sbrugna...
OpenSSL Multiple Vulnerabilities (20150319 - 2) - Windows
OpenSSL is prone to multiple vulnerabilities. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OpenSSL Multiple Vulnerabilities (20150319 - 2) - Linux
OpenSSL is prone to multiple vulnerabilities. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
GLSA-201503-11 : OpenSSL: Multiple vulnerabilities (FREAK)
The remote host is affected by the vulnerability described in GLSA-201503-11 OpenSSL: Multiple vulnerabilities Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers and the upstream advisory referenced below for details: RSA silently downgrades to EXPORTRSA Client...
OpenSSL < 1.0.2a Multiple Vulnerabilities
Binary data 801935.prm...
Vulnerability in OpenSSL - Multiblock corrupted pointer
Multiblock corrupted pointer. OpenSSL 1.0.2 introduced the “multiblock” performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of “multiblock” can cause OpenSSL’s internal write buffer to become...
CVE-2012-2070
Cross-site scripting XSS vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title...
Cross site scripting
Cross-site scripting XSS vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title...
CVE-2012-2070
Cross-site scripting XSS vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title...
CVE-2012-2070
The CVE-2012-2070 issue affects the Drupal MultiBlock module (versions 6.x-1.x prior to 6.x-1.4 and 7.x-1.x prior to 7.x-1.1). The root cause is insufficient sanitization of the block title, allowing an authenticated user with the administer blocks permission to inject arbitrary web script or HTM...
SA-CONTRIB-2012-043 - MultiBlock - Cross Site Scripting
CVE: CVE-2012-2070 The MultiBlock module allows an administrator to create multiple instances of blocks provided by other modules. The module does not properly sanitize the block title provided by a block administrator, leading to a cross-site scripting XSS vulnerability. Such an attack may lead ...
DEBIAN-CVE-2010-3075
EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the las...