EUVD-2024-2814

Malicious code in bioql PyPI...

CVE-2020-26205

Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machinelist view...

GHSA-HV38-H5PJ-C96J OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries

In OpenDaylight Model-Driven Service Abstraction Layer MD-SAL through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment...

OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries

In OpenDaylight Model-Driven Service Abstraction Layer MD-SAL through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment...

CVE-2024-46942

In OpenDaylight Model-Driven Service Abstraction Layer MD-SAL through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment...

CVE-2024-46942

In OpenDaylight Model-Driven Service Abstraction Layer MD-SAL through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment...

CVE-2024-46942

In OpenDaylight Model-Driven Service Abstraction Layer MD-SAL through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment...

CVE-2024-46942

CVE-2024-46942 affects OpenDaylight MD-SAL up to version 13.0.1, where a controller with a follower role can configure flow entries in a clustering deployment. This is documented across multiple sources (Red Hat advisory, Veracode entry, GHSA, OSV, CVE lists). The underlying issue is improper enf...

MAL-2022-5911 Malicious code in sal-stack-lwip (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d946218f7aa8ac2e92c864ffba5062ee0a2a88093365218e2ba69cbf1ac25df7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in sal-stack-lwip (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d946218f7aa8ac2e92c864ffba5062ee0a2a88093365218e2ba69cbf1ac25df7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

org.opendaylight.groupbasedpolicy:groupbasedpolicy (>=0.1.0-Helium <=0.1.2-Helium-SR2), org.opendaylight.openflowplugin:openflowplugin-extension-nicira (>=0.0.3-Helium <=0.0.5-Helium-SR2) +2 more potentially affected by CVE-2015-1611 +1 more via org.opendaylight.openflowplugin:openflowplugin (>=0.0.3-Helium <=0.0.5-Helium-SR2)

org.opendaylight.openflowplugin:openflowplugin MAVEN version =0.0.3-Helium, =0.1.0-Helium, =0.0.3-Helium, =0.0.3-Helium, =1.0.0-Helium, =1.0.2-Helium-SR2 Source cves: CVE-2015-1611, CVE-2015-1612 Source advisory: OSV:GHSA-49WF-927P-JPVJ...

CVE-2020-26205

Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machinelist view...

CVE-2020-26205

Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machinelist view...

Spoofing

Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machinelist view...

CVE-2020-26205 XSS in Sal

Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machinelist view...

CVE-2020-26205

CVE-2020-26205 affects Sal, a multi-tenant reporting dashboard for Munki that displays data from Facter. The connected sources describe an XSS vulnerability in the machine_list view present up to Sal version 4.1.6. The vulnerability is surfaced via input that can be reflected into the page, enabl...

HackerOne: Blind Stored XSS in HackerOne's Sal 4.1.4.2149 (sal.████.com)

The page located at https://sal.██████.com/list/Activity/hour/all/0/ suffers from a Cross-site Scripting XSS vulnerability when a user has set their hostname on their machine to an XSS payload. Vulnerable Page https://sal.██████.com/list/Activity/hour/all/0/ Victim IP Address ███████ Referer...

The vulnerability of the sal_util_str_encrypt() function (libsal.so) in the software for Zyxel routers series GS1900 allows a attacker to disclose protected information.

The vulnerability of the salutilstrencrypt function libsal.so in Zyxel router microsoftware of the GS1900 series exists due to the rigid encoding of registration data. Exploiting this vulnerability can allow a remote attacker to disclose the protected information...

Upgrade to Application Links 4.2.4, SAL 2.12.2+

We have vulnerability in application links: https://jira.atlassian.com/browse/JRA-38918 Bumping applinks to 4.2.4 and SAL to 2.10.20 will fix the problem. Product should implement IFRAME page capability in their login page provided by LoginUriProvider...

Upgrade to Application Links 4.2.4, SAL 2.12.2+

We have vulnerability in application links: https://jira.atlassian.com/browse/JRA-38918 Bumping applinks to 4.2.4 and SAL to 2.10.20 will fix the problem. Product should implement IFRAME page capability in their login page provided by LoginUriProvider...