162 matches found
MAL-2023-7941 Malicious code in your-dpd-rest-api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57f29438d66f642d44c66209d9219a5bce9c31f2cdb3437e711193f13af28113 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in your-dpd-rest-api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57f29438d66f642d44c66209d9219a5bce9c31f2cdb3437e711193f13af28113 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-GVVX-FC6P-2H9X Duplicate Advisory: Wallabag user can delete own API client unintentionally
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-gjvc-55fw-v6vq. This link is maintained to preserve external references. Original Description: Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3...
big-map-archive-api-client (>=0.0.1 <=1.2.0), dash-tools (>=1.6.0 <=1.11.1) +16 more potentially affected by CVE-2023-31543 via pipreqs (>=0.4.10 <=0.4.11)
pipreqs PYPI version =0.4.10, =0.0.1, =1.6.0, =0.0.6, =1.0.3, =1.1.5, =0.3.37, =0.0.5, =0.2.20, =0.0.1, =1.0.0, =1.0.2 and more Source cves: CVE-2023-31543 Source advisory: OSV:PYSEC-2023-99...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : GNU SASL vulnerability (USN-6169-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6169-1 advisory. It was discovered that GNU SASL's GSSAPI server could make an out-of-bounds read if given specially crafted GSS-API...
bfactory (>=0.4.0 <=0.4.4), coop (>=5.2.0 <=5.2.2) +38 more potentially affected by CVE-2023-31047 via django (>=4.2.0 <=4.2.0rc1)
django PYPI version =4.2.0, =0.4.0, =5.2.0, =3.1.0, =7.2.2, =39.1.0, =9.3.0, =0.1.0a1, =1.0.0, =0.2.1, =0.2.2 - django-handy-admin =0.0.0 and more Source cves: CVE-2023-31047 Source advisory: OSV:GHSA-R3XC-PRGR-MG9P...
MAL-2023-18 Malicious code in 3commas-api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05c45a506a2aa2967edb76552c716759a7082f9147ee666c777b8b2c9ed8dc53 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CSRF leading to delete Client API in API clients management
Description: wallabag was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete API key via client/delete/id. Proof of Concept: history.pushState('', '', '/'); document.forms[0].submit();...
SUSE CVE-2022-2469
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client...
MAL-2022-3209 Malicious code in freekws-devportal-api-client-angular (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 964e73152194b8926217ca3e0d90526fe2a0e1223ef4b99a45ebd367193ce1fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-2469
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client...
CVE-2022-2469
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client...
Out-of-bounds
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client...
CVE-2022-2469
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client...
Fedora: Security Advisory for golang-github-vultr-govultr-2 (FEDORA-2022-e674d52438)
The remote host is missing an update for the...
Malicious Package
Overview @kraken-frontend/kraken-api-client is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerabl...
Malicious code in tilled-api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d123fddcb18367f3ca5df73ee43dfd1f0fff9b5755b07ed392f9f70e7f9797f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6572 Malicious code in tilled-api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d123fddcb18367f3ca5df73ee43dfd1f0fff9b5755b07ed392f9f70e7f9797f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3213 Malicious code in frn-api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6510b676b0a865d924429b9b3a41ad4365e754db47f2fa6b34f9305237b7aea2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in frn-api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6510b676b0a865d924429b9b3a41ad4365e754db47f2fa6b34f9305237b7aea2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...