81 matches found

Nuclei
added 3 days ago | 27 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

CVSS 6.1 | AI score 6.4 | EPSS 0.92445
Exploits: 5 | References: 5

Snyk
added 2026/04/30 8:18 a.m. | 3 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the ParseCube function in cmscgats.c. An attacker can cause a denial of service or potentially access sensitive information by providing specially crafted input that triggers an integer overflow...

CVSS 4 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 2

UbuntuCve
added 2025/10/27 12:0 a.m. | 1 views

CVE-2025-12199

Last updated 29 October 2025 Notes mdeslaur This issue requires replacing the root-owned configuration file. See https://www.openwall.com/lists/oss-security/2025/10/27/1 This CVE is likely to be rejected. Marking as deferred for now...

CVSS 4.8 | AI score 4.1 | EPSS 0.00012
Exploits: 0 | References: 4

Tenable Nessus
added 2025/10/15 12:0 a.m. | 3 views

Amazon Linux 2023 : giflib, giflib-devel, giflib-utils (ALAS2023-2025-1220)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1220 advisory. Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c CVE-2023-48161 Giflib Projec...

CVSS 7.3 | AI score 7.1 | EPSS 0.00122
Exploits: 2 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2009-5037

Malware in sbrugna...

CVSS 3.3 | AI score 6.4 | EPSS 0.00031
Exploits: 0 | References: 7

OpenVAS
added 2024/07/09 12:0 a.m. | 29 views

OpenBSD OpenSSH 8.7p1 - 8.8p1 RCE Vulnerability

OpenBSD OpenSSH is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7 | AI score 7.5 | EPSS 0.76397
Exploits: 1 | References: 3

Securelist
added 2024/04/12 8:0 a.m. | 63 views

XZ backdoor story – Initial analysis

On March 29, 2024, a single message on the Openwall OSS-security mailing list marked an important discovery for the information security, open source and Linux communities: the discovery of a malicious backdoor in XZ. XZ is a compression utility integrated into many popular distributions of Linux...

CVSS 7.5 | AI score 9.3 | EPSS 0.85058
Exploits: 38

GithubExploit
added 2024/03/30 7:38 a.m. | 345 views

Exploit for Embedded Malicious Code in Tukaani Xz

CVE-2024-3094 vul check tools This vulnerability allows an at...

CVSS 10 | AI score 10 | EPSS 0.85058
Exploits: 38

Qualys Blog
added 2024/03/30 4:6 a.m. | 94 views

XZ Utils SSHd Backdoor

On March 29th, 2024, security researcher Andres Freund discovered a backdoor in XZ Utils versions 5.6.0 and 5.6.1. Under certain conditions, this backdoor may allow remote access to the targeted system. This disclosure was posted to the Openwall mailing list. The security researcher mentions that...

CVSS 7.5 | AI score 9.9 | EPSS 0.85058
Exploits: 38

OpenVAS
added 2023/10/19 12:0 a.m. | 33 views

Apache HTTP Server < 2.4.58 'mod_macro' Out-of-bounds Read Vulnerability - Windows

Apache HTTP Server is prone to an out-of-bounds read vulnerability in modmacro. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5 | AI score 7.6 | EPSS 0.00396
Exploits: 0 | References: 2

OpenVAS
added 2022/08/08 12:0 a.m. | 18 views

Exim < 4.95 Buffer Overflow Vulnerability

Exim is prone to a heap-based buffer overflow vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:exim:exim"; if...

CVSS 9.8 | AI score 9.7 | EPSS 0.04696
Exploits: 1 | References: 1

OpenVAS
added 2022/08/08 12:0 a.m. | 16 views

Exim < 4.96 Invalid Free Vulnerability

Exim is prone to an invalid free vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:exim:exim"; if description...

CVSS 7.5 | AI score 7.7 | EPSS 0.06728
Exploits: 2 | References: 1

OpenVAS
added 2021/09/08 12:0 a.m. | 19 views

Docker 1.3.x < 1.3.2 Container Escalation Vulnerability

Docker is prone to a container escalation vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

CVSS 5 | AI score 8.2 | EPSS 0.0163
Exploits: 0 | References: 1

Huntr
added 2021/07/10 9:52 a.m. | 12 views

Use of a Broken or Risky Cryptographic Algorithm in boxbilling/boxbilling

✍️ Description The function mtrand is used to generate ticket hashes at the reference shown, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to disclose critical...

AI score 7
Exploits: 0

OpenVAS
added 2021/07/07 12:0 a.m. | 20 views

NTP < 4.2.7p42 DoS Vulnerability

NTP is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ntp:ntp"; ifdescription...

CVSS 7.5 | AI score 7.8 | EPSS 0.0841
Exploits: 0 | References: 2

GithubExploit
added 2021/06/25 10:19 p.m. | 648 views

Exploit for Type Confusion in Linux Linux_Kernel

Proof of Concept for CVE-2021-33624 compile with gcc -pthre...

CVSS 4.7 | AI score 6.9 | EPSS 0.00473
Exploits: 3

OpenVAS
added 2021/06/11 12:0 a.m. | 12 views

RPCBind 0.2.0 Multiple Vulnerabilities

RPCBind is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score 7.3
Exploits: 0 | References: 1

OpenVAS
added 2021/05/21 12:0 a.m. | 18 views

Apache Tapestry 5.4.0 < 5.6.4, 5.7.0 < 5.7.1 Information Disclosure Vulnerability

Apache Tapestry is prone to an information disclosure vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

AI score 5.8
Exploits: 0 | References: 1

Metasploit
added 2021/05/12 5:42 p.m. | 112 views

ExifTool DjVu ANT Perl injection

This module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using the HasselbladExif EXIF field. Module...

CVSS 7.8 | AI score 8.4 | EPSS 0.92825
Exploits: 38

Metasploit
added 2021/02/23 5:41 p.m. | 54 views

Apache Flink JobManager Traversal

This module exploits an unauthenticated directory traversal vulnerability in Apache Flink versions 1.11.0 use auxiliary/scanner/http/apacheflinkjobmanagertraversal msf auxiliaryapacheflinkjobmanagertraversal show actions ...actions... msf auxiliaryapacheflinkjobmanagertraversal set ACTION msf...

CVSS 9.1 | AI score 7.8 | EPSS 0.94331
Exploits: 14