341 matches found
MAL-2024-7578 Malicious code in sap-attempt (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7a877bf37242b376746403eed64d2af102e172d2c6deba7bd056191f5f595c88 The OpenSSF Package Analysis project identified 'sap-attempt' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in sap-artisttitledupes (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 43a68bfe6b28165a13f4a7279e7d977162a58338e92ea924cee372290a421c49 The OpenSSF Package Analysis project identified 'sap-artisttitledupes' @ 0.0.0 npm as malicious. It is considered malicious because: - The packa...
Malicious code in sap-afilter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0a365df0492a2b389bd9c09de3b04663f763666efbd40d2e1e55b14d2a088c4e The OpenSSF Package Analysis project identified 'sap-afilter' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
CVE-2024-22026
A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance...
Microsoft Windows Multiple Vulnerabilities (KB5037768)
This host is missing an important security update according to Microsoft KB5037768 SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
CVE-2024-31966
The CVE-2024-31966 issue affects Mitel 6800 Series and 6900 Series SIP Phones (through 6.3 SP3 HF4), Mitel 6900w Series SIP Phone (through 6.3.3), and Mitel 6970 Conference Unit (through 5.1.1 SP8). The root cause is insufficient parameter sanitization, allowing an authenticated attacker with adm...
Siemens SCALANCE W1750D Command Injection (CVE-2023-22788)
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This plugin on...
Malicious code in @dh-io-globalelem/footnote-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4022d6e9ad567de4e27943e9f7b877b7f4fc8ad0dc9e8c9dcf81738af56bc2a2 The OpenSSF Package Analysis project identified '@dh-io-globalelem/footnote-component' @ 5.990.10 npm as malicious. It is considered malicious...
git: Bypass of safe.directory protections
A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by...
Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Vulnerabilities
Multiple vulnerabilities in Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an attacker to conduct cross-site scripting XSS attacks, execute arbitrary commands, perform SQL injection attacks, or gain elevated privileges on an affected system. Cisco has...
Malicious code in imagery_export (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ded43ce2e4a423411edd79212bce33e88313d38fa2930daa39e9a329ba99aa70 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-1523
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others...
Malicious code in jupiter-i18n (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a995253a2ee90fffb109184b329a5e1966f4e8b6cd8a67c131c60324495d8127 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-38156
A remote command injection issues exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband NB before 1.7.5. As an admin user, an attacker can send a crafted password in order to execute Linux commands as the root user...
MAL-2023-1204 Malicious code in hyrule-react-commons (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3b82bec5139c178e3b425e5e458a9c7b248b17db5192cf6178702cbb26822dba The OpenSSF Package Analysis project identified 'hyrule-react-commons' @ 2.0.1 npm as malicious. It is considered malicious because: - The packa...
MAL-2023-1317 Malicious code in tempomati-omega-69-emcuf7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a012c605870034511688f664880e997bc8423cd7707f3de28326adc144f4fb4a The OpenSSF Package Analysis project identified 'tempomati-omega-69-emcuf7' @ 1.0.0 npm as malicious. It is considered malicious because: - The...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary commands execution in Python (CVE-2015-20107)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary commands execution in Python , caused by improper input validation in mailcap module. CVE-2015-20107. Python is included as part of our runtime components. This vulnerabilitiy has been addressed...
CVE-2023-0432 CVE-2023-0432
The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system OS from the device in the context of the user "root." If the attacker has credentials for the web service, then the...
Malicious code in python-tdigest-bindings (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5764e30c8f0fdecc8d1be71c4590440c7433bd9ff7ad6d0dad7d32eb41764303 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
TIBCO Security Advisory: September 21, 2022 - TIBCO EBX -CVE-2022-30577
TIBCO EBX Stored XSS vulnerability Original release date: September 21, 2022 Lastrevised: --- CVE-2022-30577 Source: TIBCOSoftware Inc. Products Affected TIBCO EBX versions 6.0.0 through 6.0.8 The following component is affected: Web Server Description The component listed above contains an easil...