
15 matches found

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-1267

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.2, EPSS 0.005
Exploits 1, References 4
CNNVD
added 2025/01/15 12:0 a.m., 1 view

XINJE XDPPro security vulnerability

XINJE XDPPro is PLC programming software from the Chinese company XINJE that connects over a USB port. A security vulnerability exists in XINJE XDPPro versions 3.2.2 through 3.7.17c, which originates from an insecure privilege in the XNetSocketClient component that allows an attacker to execute arbitrary...

CVSS 5.1, AI score 7.7, EPSS 0.00063
Exploits 0, References 1
OSV
added 2023/05/10 7:15 p.m., 1 view

UBUNTU-CVE-2022-36937

HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS 1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replace TLS 1.0 with TLS 1.3. Applications...

CVSS 9.8, AI score 5.8, EPSS 0.00836
Exploits 0, References 4
OSV
added 2022/05/01 4:15 p.m., 2 views

CVE-2022-21167

All versions of package masuit.tools.core are vulnerable to Arbitrary Code Execution via the ReceiveVarData function in the SocketClient.cs component. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client...

CVSS 9.8, AI score 7.3
Exploits 0, References 2
CNNVD
added 2022/05/01 12:0 a.m., 1 view

Masuit.Tools security vulnerability

Masuit.Tools is a number of commonly used operation classes, mostly static classes, encryption and decryption, reflection operations, weighted random filtering algorithm, distributed short id, expression tree, linq extension, file compression, multi-threaded download and FTP client,...

CVSS 9.8, AI score 8.8, EPSS 0.00906
Exploits 0, References 3
GitHub Security Blog
added 2022/03/18 12:1 a.m., 14 views

Deserialization of Untrusted Data in SinGooCMS.Utility

This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatt...

CVSS 9.8, AI score 5, EPSS 0.005
Exploits 1, References 5, Affected Software 1
Prion
added 2022/03/17 12:15 p.m., 9 views

Design/Logic Flaw

This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatt...

CVSS 7.5, AI score 9.5, EPSS 0.005
Exploits 1, References 3
CVE
added 2022/03/17 11:20 a.m., 109 views

CVE-2022-0749

The CVE-2022-0749 entry affects all versions of SinGooCMS.Utility. The vulnerability originates from the socket client (SocketClient.cs) in SinGooCMS.Utility, where payloads can be delivered through user-controlled input after a connection is established. This happens because the transmission pat...

CVSS 9.8, AI score 8.7, EPSS 0.005
Exploits 1, References 3, Affected Software 1
Snyk
added 2021/12/13 1:50 p.m., 1 view

Arbitrary Code Execution

Amendment: This was deemed not a vulnerability. Overview: Affected versions of this package are vulnerable to Arbitrary Code Execution via the ReceiveVarData function in the SocketClient.cs component. The socket client in the package can pass in the payload via the user-controllable input after it...

CVSS 9.8, AI score 7.2, EPSS 0.00906
Exploits 0, References 2
Snyk
added 2021/12/13 1:50 p.m., 1 view

Arbitrary Code Execution

Overview: Masuit.Tools.Abstractions is a package for some commonly used operation classes, mostly static classes, encryption and decryption, reflection operations, weighted random screening algorithms, distributed short IDs, expression trees, linq extensions, file compression, and multithreading...

CVSS 9.8, AI score 7.3, EPSS 0.00906
Exploits 0, References 2
Snyk
added 2021/12/08 3:9 p.m., 1 view

Deserialization of Untrusted Data

Overview: SinGooCMS.Utility is a collection of tools, including configuration, file, date, data, serialization, reflection, image processing, network, cache, Web related, encryption and decryption, compression, class expansion and other tools, almost covering the development of All tool...

CVSS 9.8, AI score 6.9, EPSS 0.005
Exploits 1, References 2
vulnersOsv
added 2021/09/27 8:12 p.m., 0 views

aurelia-sails-socket-client (=0.10.0) potentially affected by CVE-2021-41097 via aurelia-path (=1.0.0-beta.1)

aurelia-path NPM version =1.0.0-beta.1 is affected by a known vulnerability. The following packages have a transitive dependency on aurelia-path and may be impacted: - aurelia-sails-socket-client =0.10.0 Source cves: CVE-2021-41097 Source advisory: OSV:GHSA-3C9C-2P65-QVWV...

CVSS 9.1, AI score 7.1, EPSS 0.11715
Exploits 1
RedHat Linux
added 2019/11/14 9:17 p.m., 0 views

tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

CVSS 7.5, AI score 7.2, EPSS 0.13337
Exploits 0, References 4
OPENSUSE Linux
added 2016/08/11 11:8 p.m., 74 views

Security update for java-1_7_0-openjdk (important)

This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection domai...

CVSS 9.3, EPSS 0.07521
Exploits 0, References 12
Tenable Nessus
added 2007/12/13 12:0 a.m., 30 views

SuSE 10 Security Update : PHP (ZYPP Patch Number 2236)

This update fixes the following security problems in the PHP scripting language : - Various buffer overflows in htmlentities/htmlspecialchars internal routines could be used to crash the PHP interpreter or potentially execute code, depending on the PHP application used. CVE-2006-5465 - A missing...

CVSS 7.5, AI score 5.8, EPSS 0.41876
Exploits 1, References 2