Goolytics – Simple Google Analytics Security Vulnerabilities

osv

Malicious code in asf-component-templateruntime (npm)

Source: ghsa-malware (a8505a127506a075d45802e114b4c6b3d9fe34267a7586fbd1724c5b70b0754d) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI Score: 7

2024-06-11 07:55 AM
osv

Malicious code in asf-component-listrenderer (npm)

Source: ghsa-malware (6f800a7b495b28797dd18361930f1686e2cb294f6972babb0263a6e194afcf6a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI Score: 7

2024-06-11 07:55 AM
osv

Malicious code in mmsdk-apml-htmlrendererr (npm)

Source: ghsa-malware (35d7d1e7291969903946488e1ba191e23233d78f75808e9517ff90308f1b3d4f) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI Score: 7

2024-06-11 07:55 AM
osv

Malicious code in apl-validator (npm)

Source: ghsa-malware (5c9d01a1289fd5e02d94728d6b0a19ec77687aadfde1e9807050227a0de03dc7) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI Score: 7

2024-06-11 07:55 AM
osv

Malicious code in mmsdk-apml-htmlrenderer (npm)

Source: ghsa-malware (ae0814f13d1d5f49711b30a6fe260c2bfb566047df1b02774e899421faf58c92) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI Score: 7

2024-06-11 07:55 AM
osv

Malicious code in portfolio-organism-adp-wrapper (npm)

Source: ghsa-malware (41eb756462a90039b0df22968214c17f7b6bbf6a4aaf0db84da2266a6e33813d) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI Score: 7

2024-06-11 07:55 AM
3
osv

Malicious code in ct-helpers (npm)

Source: ghsa-malware (e783edf3831848aac61070e6d4fcd03fb9023946d4c766f49e7d35b0403baa6f) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI Score: 7

2024-06-11 07:51 AM
1
osv

Malicious code in code.cloudflare.ajax (npm)

Source: ghsa-malware (5869f17e67758b1fd6d47d84b2ab8d46f7912558ed8120de69bfc64ed5c0063d) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI Score: 7

2024-06-11 06:54 AM
1
osv

Malicious code in code.cloudflare.com (npm)

Source: ghsa-malware (fd0d00a0ff9a56ee7446eb2b6ffa5b59db4eb466925a2c3d769df90c00fdcd76) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI Score: 7

2024-06-11 06:54 AM
osv

Malicious code in coe.com (npm)

Source: ghsa-malware (1b84c4d60e18fabe333d5d74a3fa2838edc6a70491dc3e9c7e3cc1d1f33e7241) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI Score: 7

2024-06-11 06:54 AM
1
osv

Malicious code in code.jquery.ajax (npm)

Source: ghsa-malware (52954659c906ed745d4b0c4b28b77fd0637eac32a5a4229bbeb6fa5ea8f7d004) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI Score: 7

2024-06-11 06:54 AM
thn

Snowflake Breach Exposes 165 Customers' Data in Ongoing Extortion Campaign

As many as 165 customers of Snowflake are said to have had their information potentially exposed as part of an ongoing campaign designed to facilitate data theft and extortion, indicating the operation has broader implications than previously thought. Google-owned Mandiant, which is assisting the...

AI Score: 8

2024-06-11 06:52 AM
1
osv

Malicious code in aws-public (npm)

Source: ghsa-malware (b192498364ed7190f44f00a98983087f969407bd217eadfed1c6353335eda7f7) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI Score: 7.2

2024-06-11 06:48 AM
2
osv

Malicious code in nppe_ttt_datalayer (npm)

Source: ghsa-malware (c2cf2a52144e733f43888ec1331ac75fdfcffbf961c5e8879245feddb3360331) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI Score: 7

2024-06-11 06:45 AM
osv

Malicious code in workerd-root (npm)

Source: ghsa-malware (864f13e0626ddbb05fb951a4a4217000d4d74c0e9935d0ca041b22f805b1ff98) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI Score: 7

2024-06-11 06:25 AM
osv

tiff vulnerability

It was discovered that LibTIFF incorrectly handled memory when performing certain cropping operations, leading to a heap buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary...

CVSS: 5.5 | AI Score: 7.7 | EPSS: 0.0004

2024-06-11 03:04 AM
osv

cyrus-imapd - security update

Bulletin has no...

CVSS: 6.5 | AI Score: 7.2 | EPSS: 0.0005

2024-06-11 12:00 AM
1
ubuntucve

CVE-2024-1694

Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: High)

Notes: alexmurray | The Debian chromium source package is called...

AI Score: 6.3 | EPSS: 0.0004

2024-06-11 12:00 AM
osv

vlc - security update

Bulletin has no...

AI Score: 7.2

2024-06-11 12:00 AM
1
kaspersky

KLA68913 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: Use after free vulnerability in PDFium can be exploited to cause...

AI Score: 8.9 | EPSS: 0.0004

2024-06-11 12:00 AM
1
packetstorm

CVSS: 7.8 | AI Score: 7 | EPSS: 0.44

2024-06-11 12:00 AM
53
openvas

Ubuntu: Security Advisory (USN-6818-2)

The remote host is missing an update for...

CVSS: 7.8 | AI Score: 8.8 | EPSS: 0.001

2024-06-11 12:00 AM
4
chrome

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 126 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 126.0.6478.54 (Linux) and 126.0.6478.56/57 (Windows, Mac) contain a number of fixes and improvements -- a list of changes is...

AI Score: 8.1 | EPSS: 0.0004

2024-06-11 12:00 AM
8
nessus

Google Chrome < 126.0.6478.56 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 126.0.6478.56. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_06_stable-channel-update-for-desktop advisory. Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a...

AI Score: 6.9 | EPSS: 0.0004

2024-06-11 12:00 AM
1
nessus

Google Chrome < 126.0.6478.56 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 126.0.6478.56. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_06_stable-channel-update-for-desktop advisory. Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote...

AI Score: 6.8 | EPSS: 0.0004

2024-06-11 12:00 AM
nessus

Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6820-2)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6820-2 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability...

CVSS: 8 | AI Score: 10 | EPSS: 0.0004

2024-06-11 12:00 AM
ubuntucve

CVE-2023-7261

Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)

Notes: alexmurray | The Debian chromium source package is called...

AI Score: 6.6 | EPSS: 0.0004

2024-06-11 12:00 AM
androidsecurity

Pixel Watch Security Bulletin—June 2024

The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices (Google Devices). For Google devices, security patch levels of 2024-06-05 or later address all applicable issues in the June 2024 Android Security Bulletin and all issues in this bulletin...

AI Score: 8.4

2024-06-11 12:00 AM
8
osv

CVE-2024-37168

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an...

CVSS: 5.3 | AI Score: 7.1 | EPSS: 0.0005

2024-06-10 10:15 PM
1
osv

CVE-2024-37169

@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses Playwright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https...

CVSS: 5.3 | AI Score: 7 | EPSS: 0.0004

2024-06-10 10:15 PM
osv

CVE-2024-37166

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated...

CVSS: 8.9 | AI Score: 5.5 | EPSS: 0.0004

2024-06-10 10:15 PM
osv

CVE-2024-35242

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are...

CVSS: 8.8 | AI Score: 7.5 | EPSS: 0.0004

2024-06-10 10:15 PM
osv

CVE-2024-35241

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are...

CVSS: 8.8 | AI Score: 7.5 | EPSS: 0.0004

2024-06-10 10:15 PM
osv

@grpc/grpc-js can allocate memory for incoming messages well above configured limits

Impact: There are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded. If an...

CVSS: 5.3 | AI Score: 6.9 | EPSS: 0.0005

2024-06-10 09:38 PM
1
osv

ghtml Cross-Site Scripting (XSS) vulnerability

Summary: It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Actions Taken: Updated the documentation to clarify that while ghtml escapes characters with special meaning in HTML, it does not provide comprehensive...

CVSS: 8.9 | AI Score: 5.3 | EPSS: 0.0004

2024-06-10 09:36 PM
osv

Composer has a command injection via malicious git branch name

Impact: The status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches: 2.2.24 for 2.2 LTS or 2.7.7 for mainline. Workarounds: Avoid installing dependencies via git by using...

CVSS: 8.8 | AI Score: 7.3 | EPSS: 0.0004

2024-06-10 09:36 PM
1
osv

Composer has multiple command injections via malicious git/hg branch names

Impact: The composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. So this requires cloning untrusted repositories. Patches: 2.2.24 for 2.2 LTS or 2.7.7 for mainline. Workarounds: Avoid cloning potentially compromised...

CVSS: 8.8 | AI Score: 7.2 | EPSS: 0.0004

2024-06-10 09:36 PM
1
osv

Langflow remote code execution vulnerability

Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python...

CVSS: 9.8 | AI Score: 8.1 | EPSS: 0.001

2024-06-10 09:30 PM
1
osv

libphp-adodb vulnerabilities

It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7405) It was discovered that ADOdb was incorrectly handling GET parameters...

CVSS: 9.1 | AI Score: 7.3 | EPSS: 0.006

2024-06-10 08:41 PM
1
nuclei

Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect

The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect in the oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an...

AI Score: 6.7 | EPSS: 0.001

2024-06-10 08:19 PM
2
osv

CVE-2024-36417

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added to some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS: 9 | AI Score: 8.7 | EPSS: 0.001

2024-06-10 08:15 PM
osv

CVE-2024-36414

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS: 7.7 | AI Score: 7.6 | EPSS: 0.0005

2024-06-10 08:15 PM
1
osv

CVE-2024-36415

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS: 9.1 | AI Score: 9.5 | EPSS: 0.001

2024-06-10 08:15 PM
1
osv

CVE-2024-36413

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS: 8.9 | AI Score: 8.3 | EPSS: 0.0004

2024-06-10 08:15 PM
osv

CVE-2024-36416

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS: 8.6 | AI Score: 8.4 | EPSS: 0.0005

2024-06-10 08:15 PM
osv

CVE-2024-36411

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS: 9.6 | AI Score: 9.7 | EPSS: 0.001

2024-06-10 08:15 PM
1
osv

CVE-2024-36412

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS: 10 | AI Score: 9.7 | EPSS: 0.001

2024-06-10 08:15 PM
osv

linux-oem-6.8 vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Zheng Wang discovered that the...

CVSS: 7.8 | AI Score: 8.7 | EPSS: 0.0005

2024-06-10 07:28 PM
1
osv

Malicious code in randombullshitgo-js (npm)

Source: ghsa-malware (057c8df14eaa8785b6129f2c579be84c7330b0f8d7e9bb6eff202f60bdddabfd) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI Score: 7.2

2024-06-10 07:12 PM
1
osv

Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing

Impact: In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby (Docker Engine) prior to 20.10.11 treat the Content-Type...

AI Score: 7

2024-06-10 06:39 PM
1
Total number of security vulnerabilities: 303832