195 matches found
EUVD-2007-4522
Malware in sbrugna...
EUVD-2018-8962
Malware in sbrugna...
EUVD-2023-2104
Malicious code in bioql PyPI...
EUVD-2023-23819
Malicious code in bioql PyPI...
EUVD-2022-55154
Malicious code in bioql PyPI...
EUVD-2022-49282
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-9062
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. CVE-2017-9062 Note that Nessus relies on the presence of the...
CVE-2022-46478
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data...
CVE-2010-5106
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role...
CVE-2022-49050 memory: renesas-rpc-if: fix platform-device leak in error path
In the Linux kernel, the following vulnerability has been resolved: memory: renesas-rpc-if: fix platform-device leak in error path Make sure to free the flash platform device in the event that registration fails during probe...
CVE-2022-49050
CVE-2022-49050 maps to a Linux kernel issue in memory: renesas-rpc-if where a flash platform-device leak could occur in the error path if registration fails during probe. The fixed code ensures the flash platform device is freed on probe error. The vulnerability is local in scope with a medium ba...
Azure Linux 3.0 Security Update: kernel (CVE-1999-0656)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-1999-0656 advisory. - The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying...
[SECURITY] [DSA 5847-1] snapcast security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5847-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 21, 2025 https://www.debian.org/security/faq -...
PT-2024-39592
Name of the Vulnerable Software and Affected Versions ThingsBoard versions up to 3.7.0 Description A vulnerability has been found in the HTTP RPC API component of ThingsBoard, which can lead to resource consumption. The attack can be launched remotely, but the complexity of an attack is rather hi...
CBL Mariner 2.0 Security Update: kernel (CVE-1999-0656)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-1999-0656 advisory. - The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying...
Malicious code in DіscorԁRPC.API (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Oracle Linux 8 : krb5 (ELSA-2024-3268)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3268 advisory. 1.18.2-27.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.18.2-27 - Fix memory leak in GSSAPI interface Resolves: RHEL-27250 - Fix...
Web3.js 安全漏洞
Web3.js is a TypeScript implementation of the Ethernet JSON RPC API open-sourced by Web3 and related tools maintained by ChainSafe Systems. A security vulnerability exists in versions of Web3.js prior to 4.2.1 that stems from the presence of a prototype contamination vulnerability...
Metasploit Weekly Wrap up
Unauthenticated RCE in VMware Product This week, community contributor h00die added an exploit module that leverages a command injection vulnerability in VMWare Aria Operations for Networks, formerly known as vRealize Network Insight. Versions 6.2 to 6.10 are vulnerable CVE-2023-20887. A remote...
PT-2023-4340 · Adtran · Adtran Sr400Ac
Name of the Vulnerable Software and Affected Versions: Adtran SR400ac affected versions not specified Description: The issue is related to the lack of input validation in the SmartOS WiFi router ADTRAn SR400ac, allowing remote attackers to execute arbitrary code in the context of the root user. T...