MAL-2025-47283 Malicious code in @things-factory/auth-base (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db891d17c83cd814d4976534e1ff8e7675f41f0c50baedecafab80bcdf4156fb Any computer that has this package installed or running should be considered fully compromised. All...

MAL-2025-47392 Malicious code in @things-factory/shell (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ebd494f09184269de61b62501f8b32bfc56c353807f7e7356cecc35c5ab1346 Any computer that has this package installed or running should be considered fully compromised. All...

MAL-2025-47224 Malicious code in @things-factory/integration-marketplace (npm)

Suspicious postinstall script executing bundle.js and YARA rule match on bundle.js suggests malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 707cb5e2a466e8a099c5ffaaf71fd576d658e67702737dd3dfef8dc62127aa8f Any computer that has this package...

Malicious code in @things-factory/env (npm)

Suspicious postinstall script executing bundle.js and YARA rule match on bundle.js indicate potential malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88b8463d9fb16ac5faed1cd122997c683cc79534786bcf816139cefc13897168 Any computer that has this...

MAL-2025-47222 Malicious code in @things-factory/env (npm)

Suspicious postinstall script executing bundle.js and YARA rule match on bundle.js indicate potential malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88b8463d9fb16ac5faed1cd122997c683cc79534786bcf816139cefc13897168 Any computer that has this...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

CVE-2025-40594

A vulnerability has been identified in SINAMICS G220 V6.4 All versions V6.4 HF2, SINAMICS S200 V6.4 All versions V6.4 HF7, SINAMICS S210 V6.4 All versions V6.4 HF2. The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as we...

Linux Distros Unpatched Vulnerability : CVE-2016-2421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection...

Linux Distros Unpatched Vulnerability : CVE-2016-0812

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1...

Linux Distros Unpatched Vulnerability : CVE-2016-0813

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01...

Linux Distros Unpatched Vulnerability : CVE-2019-6132

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp when...

Linux Distros Unpatched Vulnerability : CVE-2016-6724

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7...

Linux Distros Unpatched Vulnerability : CVE-2022-43032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Bento4 v1.6.0-639. There is a memory leak in AP4DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as...

Linux Distros Unpatched Vulnerability : CVE-2016-2423

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly...

Linux Distros Unpatched Vulnerability : CVE-2018-20407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as...

Linux Distros Unpatched Vulnerability : CVE-2016-3925

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - server/wifi/anqp/ANQPFactory.java in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to cause a denial of service blocked Wi-Fi usage v...

Linux Distros Unpatched Vulnerability : CVE-2023-20953

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to bypass factory reset protection due to incorrect UI being shown prior to setup...