26 matches found
EUVD-2025-112956
Malicious code in halley-mysql-server-sync npm...
MAL-2025-143156 Malicious code in halley-mysql-server-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13ff79e54f23575a8eaefcecf238fe02a47095af96770878b4d382e9964a3475 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2023-41210
Malicious code in bioql PyPI...
EUVD-2021-8224
Malicious code in bioql PyPI...
CVE-2021-20812
Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors...
SUSE SLES15 Security Update : SUSE Manager Proxy and Retail Branch Server 4.3 (SUSE-SU-2024:4006-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4006-1 advisory. cobbler: - Security issues fixed: CVE-2024-47533: Prevent privilege escalation from none to admin bsc1231332 - Other bugs fixed: Increase start...
SecureMail 24.2 for iOS unable to connect to exchange server
When a user on iOS updates their installed version of SecureMail to 24.2, it no longer syncs with on-prem Exchange server. Error in SecureMail logs as follows: "Secure Mail: The connection to the server timed out. Please try again in a few minutes."...
CVE-2023-48645
An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance modu...
CVE-2023-37306
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages...
CVE-2023-37306
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages...
CVE-2023-37306
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages...
Information disclosure
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages...
CVE-2023-37306
CVE-2023-37306 pertains to MISP 2.4.172, where server sync mishandles certificate file extensions, causing information disclosure through error messages. The affected component is MISP 2.4.172; root cause is improper handling of certificate extensions during server synchronization. Impact is info...
PT-2023-25897 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP version 2.4.172 Description: The issue arises from MISP's mishandling of different certificate file extensions during server sync, leading to sensitive information disclosure through error messages. Recommendations: For MISP version...
CVE-2023-37306
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages...
Path traversal
An Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files...
Fedora: Security Advisory for owncloud-client (FEDORA-2022-d6faaa50eb)
The remote host is missing an update for the...
SUSE-SU-2022:2144-1 Security update for SUSE Manager Server 4.2
This update fixes the following issues: inter-server-sync: - version 0.2.2 Parameter --channel-with-children didn't export data bsc1199089 Clean rhnchannelcloned table to rebuild hierarchy bsc1197400 - Version 0.2.1 Correct sequence in use for table rhnpackagekey bsc1197400 Make Docker image expor...
CVE-2021-20812
Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors...
CVE-2021-20812
Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors...