EUVD-2022-6654
Malicious code in bioql PyPI...
EUVD-2024-42686
Malicious code in bioql PyPI...
EUVD-2023-0266
Malicious code in bioql PyPI...
EUVD-2023-2160
Malicious code in bioql PyPI...
num2words subjected to phishing attack, two versions published containing malware
The num2words project was compromised via a phishing attack and two new versions were uploaded to PyPI containing malicious code. The affected versions have been removed from PyPI, and users are advised to remove the affected versions from their environments...
Amazon Linux 2023 : git, git-all, git-core (ALAS2023-2025-1014)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1014 advisory. Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called...
CVE-2024-28851
The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a helper script for the Hive MetaStore Connector. A malicious insider without admin privileges...
CVE-2023-45825
ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using...
CVE-2022-21704
log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...
EulerOS 2.0 SP11 : git (EulerOS-SA-2025-1355)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the...
CVE-2024-47782
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its nam...
RHEL 9 : python-urllib3 (RHSA-2024:0464)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0464 advisory. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3:...
CVE-2023-49297 Unsafe YAML deserialization in PyDrive2
PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserialization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, o...
Apple Releases Security Updates for iOS and iPadOS
Apple has released security updates to address vulnerabilities in iOS and iPadOS. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisory and apply the necessary updates: iOS 17.0.3 a...
CVE-2023-28638 Stack references to locations outside buffers may become invalid if they exist during a GC compaction in Snappier
Snappier is a high performance C implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change...
Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (BPM) Process Center (CVE-2015-0101)
Summary Insufficient user input validation in IBM Business Process Manager's Process Center can lead to a cross-site scripting exposure. Vulnerability Details CVEID: CVE-2015-0101 DESCRIPTION: IBM Business Process Manager Process Center is vulnerable to cross-site scripting, caused by improper...
Low: Red Hat Bug Fix Advisory: glibc bug fix update
Updated glibc packages that fix one bug are now available for Red Hat Enterprise Linux 6. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the Name Server Caching Daemon nscd used by multiple programs on the system...
Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.3.1 update
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.3.1 and fix one security issue, several bugs, and add various enhancements are now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Low security impact. A Common...
Oracle Linux 5 : netpbm (ELSA-2009-0012)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-0012 advisory. 10.35-6.1.el53.1 - fix NVR to be greater than previous release in the main branch Related: 472947 10.35-6.el53.1 - fix CVE-2007-2721 and CVE-2008-3520...
Baidu Player (百度影音) remote code execution vulnerability
Baidu Player (百度影音) is a media player application. Baidu Player has a remote code execution vulnerability in its implementation; a remote attacker can exploit this vulnerability to execute arbitrary code. When the software was released, the developers did not remove a special library file used by the software, named "log.dll", which is presumed to be a debug-style logging interface. If this file is placed in the same directory as a media file of any format, "log.dll" is loaded at the same time when the user plays the media file with Baidu Player; if that file was developed by a malicious attacker, the user's system is attacked directly. An attacker can therefore exploit this vulnerability by remotely sharing a folder containing "log.dll" and a media file, luring the user into accessing it, and ultimately compromising the user's system remotely. 0 Baidu baidu player...