EUVD-2010-1352

Malware in sbrugna...

EUVD-2013-3645

Malware in sbrugna...

Synology Router Manager (SRM) 1.3.x Multiple Vulnerabilities (Synology-SA-24:16) - Remote Known Vulnerable Versions Check

Synology Router Manager SRM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

UBUNTU-CVE-2024-30268

Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit...

CVE-2023-29707

Cross Site Scripting XSS vulnerability in GBCOM LAC WEB Control Center version lac-1.3.x, allows attackers to create an arbitrary device...

Synology Router Manager (SRM) 1.2.x, 1.3.x Uncontrolled Search Path Element Privilege Escalation Vulnerability (Synology-SA-23:06)

Synology Router Manager SRM is prone to an uncontrolled search path element privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

KDAB Hotspot 竞争条件问题漏洞

KDAB Hotspot is an application for KDAB individual developers. Create a standalone GUI for performance data. A security vulnerability exists in KDAB Hotspot version 1.3.x and 1.4.1 and prior versions 1.4.x. The vulnerability stems from the presence of a race condition that can be exploited by an...

CVE-2019-25078

A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparserfindproxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4....

CVE-2022-27495

On all versions 1.3.x fixed in 1.4.0 NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

Design/Logic Flaw

On all versions 1.3.x fixed in 1.4.0 NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

Design/Logic Flaw

Affected versions of Sylius give attackers the ability to switch channels via the channelcode GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to true. However, if no syliuschannel.debug is set explicitly in the configuration, the default value...

Istio Denial of Service Vulnerability

Istio is a set of open platforms for connecting, managing and securing microservices. A denial of service vulnerability exists in version 1.3.x of Istio prior to 1.3.5, which can be exploited by an attacker to cause a denial of service...

Design/Logic Flaw

Pivotal Container Services PKS versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information...

python-sqlalchemy: SQL Injection when the order_by parameter can be controlled

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the orderby parameter...

Kubernetes 1.3.x < 1.7.14 / 1.8.x < 1.8.9 / 1.9.x < 1.9.4 multiple vulnerabilities

The version of Kubernetes installed on the remote host is version 1.3.x prior to 1.7.14, 1.8.x prior to 1.8.9 or 1.9.x prior to 1.9.4. It is, therefore, affected by multiple vulnerabilities. - An arbitrary file access vulnerability exists in containers using subpath volume mounts. An authenticate...

PYSEC-2019-53

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the orderby parameter...

Design/Logic Flaw

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running...

CVE-2017-1002102

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running...

CVE-2017-1002102

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running...

CVE-2017-1002101

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type including non-privileged pods, subject to file permissions can access files/directories outside of the volume, including the host's filesyste...