
94 matches found

OSV
added 2026/03/23 11:17 p.m. | 1 view

MAL-2026-2122 Malicious code in rowrapee (PyPI)

Source: kam193 398cfbdac2d3602a5c9836408942993c3f2bbcda911184825f01cf9937fb035e The package hides code to download and start malicious script containing malware, identified as adware. The triggering method seems to be PTH file, although it...

5.9 AI score
Exploits 0 | References 3
RedHat Linux
added 2026/02/02 3:25 p.m. | 2 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

8.9 CVSS | 5.7 AI score | 0.00021 EPSS
Exploits 0 | References 6
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-2966

Malware in sbrugna...

8.8 CVSS | 8.7 AI score | 0.00354 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-13382

Malware in sbrugna...

8.4 CVSS | 6.8 AI score | 0.00379 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2003-0318

Malware in sbrugna...

7.5 CVSS | 6.1 AI score | 0.0101 EPSS
Exploits 0 | References 8
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2005-0587

Malware in sbrugna...

2.6 CVSS | 6.1 AI score | 0.00689 EPSS
Exploits 0 | References 11
CVE
added 2024/08/07 3:54 a.m. | 30 views

CVE-2024-34788

CVE-2024-34788 affects Ivanti Endpoint Manager Mobile (EPMM). The issue is described as an improper authentication vulnerability in the web component of EPMM, before version 12.1.0.1, allowing a remote attacker to access potentially sensitive information. Connected sources specify affected versio...

6.5 CVSS | 6.8 AI score | 0.08158 EPSS
Exploits 0 | References 1 | Affected Software 1
OSV
added 2024/08/01 3:32 p.m. | 9 views

GHSA-CMC8-222C-VQP9 Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels...

9.3 CVSS | 7.3 AI score | 0.00203 EPSS
Exploits 0 | References 4
NVD
added 2023/12/14 4:15 p.m. | 13 views

CVE-2023-48662

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system...

7.2 CVSS | 0.00156 EPSS
Exploits 0 | References 1
NVD
added 2023/12/14 4:15 p.m. | 12 views

CVE-2023-48661

Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system...

4.9 CVSS | 0.00154 EPSS
Exploits 0 | References 1
Prion
added 2023/12/14 4:15 p.m. | 10 views

Design/Logic Flaw

Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system...

3.3 CVSS | 7.1 AI score | 0.00154 EPSS
Exploits 0 | References 1 | Affected Software 3
Cvelist
added 2023/12/14 4:12 p.m. | 14 views

CVE-2023-48665

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system...

7.2 CVSS | 7.6 AI score | 0.00156 EPSS
Exploits 0 | References 1
Cvelist
added 2023/12/14 4:3 p.m. | 12 views

CVE-2023-48663

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system...

7.2 CVSS | 7.6 AI score | 0.00147 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2023/10/20 12:0 a.m. | 36 views

Ubuntu 16.04 ESM : FFmpeg vulnerabilities (USN-5167-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5167-1 advisory. It was discovered that FFmpeg did not properly verify certain input when processing video and audio files. An attacker could possibly use this to send...

9.8 CVSS | 6.9 AI score | 0.02331 EPSS
Exploits 25 | References 30
F5 Networks
added 2023/02/21 6:59 p.m. | 50 views

K27053426: Spring data XML vulnerability CVE-2018-1259

Security Advisory Description Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library...

7.5 CVSS | 7.8 AI score | 0.09831 EPSS
Exploits 1
NVD
added 2022/08/10 5:15 p.m. | 9 views

CVE-2022-33926

Dell Wyse Management Suite 3.6.1 and below contains an improper access control vulnerability. A remote malicious user could exploit this vulnerability in order to retain access to a file repository after it has been revoked...

7.1 CVSS | 0.00253 EPSS
Exploits 0 | References 1
Prion
added 2022/06/16 10:15 a.m. | 10 views

Remote code execution

flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code...

6.5 CVSS | 9 AI score | 0.01025 EPSS
Exploits 1 | References 1 | Affected Software 1
CVE
added 2022/04/07 4:18 p.m. | 150 views

CVE-2021-43421

Summary: CVE-2021-43421 affects Studio-42 elFinder versions 2.0.4 through 2.1.59, where an unauthenticated file upload via connector.minimal.php enables arbitrary file uploads and PHP code execution on the server. Details from connected docs: multiple sources describe unauthenticated arbitrary fi...

9.8 CVSS | 9.5 AI score | 0.79545 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2022/04/07 4:18 p.m. | 15 views

CVE-2021-43421

A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code...

9.8 AI score | 0.79545 EPSS
Exploits 1 | References 2
OSV
added 2022/03/28 10:15 p.m. | 9 views

CVE-2021-43102

A File Upload vulnerability exists in bbs 5.3 via HelpManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code...

7.2 CVSS | 7.6 AI score
Exploits 0 | References 1