214 matches found
Malicious Package
Overview uchiwa is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview backend-engineering-test is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection...
Malicious Package
Overview openai-bun-test is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview buy-sell-opensea-sdk-demo is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection...
Malicious Package
Overview svelte-hms-world is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...
TCP security vulnerability
TCP Transmission Control Protocol is a connection-oriented, reliable, byte-stream-based transport layer communication protocol defined by IETF RFC 793. A security vulnerability exists in TCP that stems from the protocol having a timed side channel, which allows an attacker to infer the contents o...
PT-2024-28734 · Tcp · Tcp
Name of the Vulnerable Software and Affected Versions: TCP protocol affected versions not specified Description: The issue is related to a timing side channel in the TCP protocol, making it easier for remote attackers to infer the content of one TCP connection from a client system to any server...
Deno 安全漏洞
Deno is open source a simple , modern and secure JavaScript and TypeScript runtime environment . It uses V8 and is built with Rust. A security vulnerability exists in Deno versions v1.8.0 through 1.40.4 that stems from Deno incorrectly checking if the hostname of an imported descriptor is equal t...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed and vulnerability in SQL Server. The vulnerability is located in the Django backend and allows a malicious party to be able to use the client application of the victim to execute an SQL injection and thus execute arbitrary code execute arbitrary code with the victim's privileg...
CVE-2023-42143
Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware...
PT-2024-13033 · Allterco · Shelly Trv
Name of the Vulnerable Software and Affected Versions: Shelly TRV version 20220811-152343/v2.1.8@5afc928c Description: The issue allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is then...
Remote code execution
Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server...
BigBlueButton PILOS Security Vulnerability
BigBlueButton is an open source web conferencing system from the BigBlueButton community. A security vulnerability exists in BigBlueButton PILOS versions 2.0 through 2.3, which stems from the fact that when constructing a password reset URL, the password reset component deployed in PILOS uses the...
plugin: CSRF vulnerability in Blue Ocean Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...
CVE-2023-32978
A cross-site request forgery CSRF vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...
plugin: CSRF vulnerability in Script Security Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...
CVE-2023-25767
A cross-site request forgery CSRF vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server...
CVE-2023-24432
A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41777
Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 PC Version v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash...
OESA-2022-2034 strongswan security update
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel. Security Fixes: strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a...