Python Library OpenEXR 3.4.x < 3.4.7 Heap Buffer Overflow (OOB Read)

The version of the OpenEXR Python package installed on the remote host is 3.4.x prior to 3.4.7. It is, therefore, affected by a heap buffer overflow vulnerability: - A heap-buffer-overflow out-of-bounds read occurs in the the HTJ2K decoder in OpenEXR when copying decompressed samples from OpenJPH...

CVE-2026-22731

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...

EUVD-2022-3241

Malicious code in bioql PyPI...

EUVD-2022-3015

Malicious code in bioql PyPI...

EUVD-2022-0749

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2017-15569

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/querieshelper.rb via a multi-value field with a crafted value tha...

SUSE CVE-2012-1190

Cross-site scripting XSS vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name...

GHSA-G4G7-Q726-V5HG Symfony CSRF Token Fixation

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the...

PT-2022-16596 · Mastodon · Mastodon

Name of the Vulnerable Software and Affected Versions: Mastodon versions 1.6.0 through 3.3.2 Mastodon versions 3.4.x through 3.4.5 Description: The issue is related to incorrect access control due to the failure to compact incoming signed JSON-LD activities. JSON-LD signing has been supported sin...

DEBIAN-CVE-2021-22207

Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file...

CVE-2020-4000

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traversal directories which may lead to code execution of files...

Centreon SQL Injection Vulnerability

Centreon formerly known as Merethis Centreon is an open source IT monitoring software suite from Centreon France that needs to be paired with Nagios to manage Nagios via the web and third-party components to enable monitoring of networks, operating systems and applications. A SQL injection...

Joomla! 3.4.x < 3.8.2 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by an authentication bypass and multiple information disclosure vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

Joomla! 3.4.x < 3.8.4 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - The XSS vulnerability in module chromes as noted in the 20180101 announcement affects 3.0.0 through 3.8.3. CVE-2018-6380 - The XSS vulnerability in comfields as noted in the...

CVE-2018-11406

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the...

Octopus Deploy has an unspecified vulnerability (CNVD-2018-10168)

Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in Octopus Deploy version 3.4.x prior to 2018.4.7. An attacker can exploit the vulnerability to view/update/save variable values in the Tenant Variables area...

MySQL Enterprise Monitor 3.3.x < 3.3.7.3306 / 3.4.x < 3.4.5.4248 / 4.0.x < 4.0.2.5168 Multiple Vulnerabilities (January 2018 CPU)

According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.3.x prior to 3.3.7.3306, 3.4.x prior to 3.4.5.4248, or 4.0.x prior to 4.0.2.5168. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch...

MongoDB DoS Vulnerability (Oct 2017) - Windows

MongoDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if...

MongoDB DoS Vulnerability (Oct 2017) - Linux

MongoDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if...

Design/Logic Flaw

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ...