EUVD-2022-37027
Malicious code in bioql PyPI...
CVE-2024-27350
Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB (Android Debug Bridge) connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the non-default ADB Debugging option is...
CVE-2012-0782
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of...
7-Zip < 24.01 Heap-based Buffer Overflow
The version of 7-Zip installed on the remote Windows host is below 24.01. It is, therefore, affected by multiple vulnerabilities: - The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 for 7zz contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offse...
Dmidecode: Privilege Escalation
Background: Dmidecode reports information about your system's hardware as described in your system BIOS according to the SMBIOS/DMI standard (see a sample output). This information typically includes system manufacturer, model name, serial number, BIOS version, asset tag as well as a lot of other...
SUSE SLES15 Security Update : glib2 (SUSE-SU-2023:3535-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3535-1 advisory. - An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a pa...
EulerOS 2.0 SP9 : dmidecode (EulerOS-SA-2023-2329)
According to the versions of the dmidecode package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via...
CVE-2023-29579
yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...
Cross-site Scripting in Backdrop CMS
A stored cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is execute...
Cross site scripting
DISPUTED: A stored cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload i...
CVE-2023-31045
A stored cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is execute...
CVE-2023-30630
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible...
CVE-2023-30630
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed...
Design/Logic Flaw
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible...
AZL-26166 CVE-2023-29581 affecting package yasm 1.3.0-17
yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is either supposed to ...
CVE-2022-33994
The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to...