PT-2021-7867 · Libraw +8 · Libraw +8

Name of the Vulnerable Software and Affected Versions: LibRaw version 0.20.0 Description: The issue is related to a buffer overflow in the LibRaw buffer datastream::gets function, located in the libraw datastream.cpp component of the LibRaw image processing library. This allows an attacker to...

PT-2021-17972 · Rust +6 · Rust +6

Name of the Vulnerable Software and Affected Versions: Rust versions prior to 1.52.0 Description: The issue is related to a panic safety problem in the Zip implementation of the Rust standard library. It occurs when the underlying iterator panics under certain conditions, causing iterator get...

PYSEC-2021-58

sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from oth...

Malicious Package

Overview paychex-common-npm is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the paychex-common-npm package. Credit: Snyk Research...

PT-2021-1525 · Google +1 · Android Kernel +1

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a use after free in the io uring subsystem of the Linux kernel, which could lead to local escalation of privilege with System execution privileges needed. User interaction is not required fo...

PT-2021-7597 · Unknown +1 · Cgal Libcgal +1

Name of the Vulnerable Software and Affected Versions: CGAL libcgal version 5.1.1 Description: The issue is related to multiple code execution vulnerabilities in the Nef polygon-parsing functionality. A specially crafted malformed file can lead to an out-of-bounds read and type confusion,...

PT-2020-17121 · Dhowden · Dhowden

Name of the Vulnerable Software and Affected Versions: dhowden tag versions prior to 0.0.0-20201120070457-d52dcb253c63 Description: The issue is due to improper bounds checking in several methods, which can trigger a panic via readAtomData or readAPICFrame due to attempted out-of-bounds reads. If...

dropin.or.kr Cross Site Scripting vulnerability OBB-1478907

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

GHSA-CWCP-6C48-FM7M Unsafe eval() in summit allows arbitrary code execution

Affected versions of summit allow attackers to execute arbitrary commands via collection names when using the PouchDB driver. Recommendation No direct patch is available at this time. Currently, the best option to mitigate the issue is to avoid using the PouchDB driver, as the package author has...

CVE-2020-0255

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

PT-2020-14189 · Etcd +4 · Etcd +4

Name of the Vulnerable Software and Affected Versions: etcd versions 3.3.0 through 3.3.22 etcd versions 3.4.0 through 3.4.9 Description: The issue is related to a lack of validation on the size of a record stored in the length field of a WAL file. This allows for the creation of a forged, extreme...

PT-2020-14070 · Squirrelmail · Squirrelmail

Name of the Vulnerable Software and Affected Versions: SquirrelMail version 1.4.22 Description: The issue arises in compose.php, where the $attachments value from an HTTP POST request is passed to unserialize. This could potentially lead to PHP object injection. However, the vendor disputes this,...

PT-2020-12481 · Percona · Percona Xtrabackup

Name of the Vulnerable Software and Affected Versions: Percona XtraBackup versions prior to 2.4.20 Description: The issue allows sensitive information to be unintentionally written to backup files and the PERCONA SCHEMA.xtrabackup history table when the --history option is used. This may include...

Malicious USB Drives Infect 35,000 Computers With Crypto-Mining Botnet

Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly using to mine Monero cryptocurrency. The botnet, named "VictoryGate," has been active since May 2019, with infectio...

Malicious Package

Overview active-search is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using active-search...

Malicious Package

Overview jaconda-telegram is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

Malicious Package

Overview active-delivery is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

Malicious Package

Overview dradisntospider is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

Malicious Package

Overview fontstack is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using fontstack...

Malicious Package

Overview audio-mixer-sox is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...