5610 matches found
MAL-2025-1623 Malicious code in react-content-loader-fork (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29f4fac1cd9b3669fd66345e097ee2be915ef08de77e2fe1a0473640df479d33 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
UBUNTU-CVE-2024-57254
An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem...
UBUNTU-CVE-2025-0684
A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesyste...
SUSE CVE-2024-57256
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc adding one to an le32 variable via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite...
GNU GRUB Buffer Error Vulnerability
GRUB2 is a multiple bootloader for the GNU Project. GNU GRUB2 suffers from a buffer overflow vulnerability that stems from an integer overflow flaw found in GRUB2's BFS file system driver. No detailed vulnerability details are provided at this time...
Advisory ROSA-SA-2025-2683
Software: grub2 2.02 OS: ROSA Virtualization 3.0 packageevrstring: grub2-2.02-148.0.3 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grub_font_construct_glyph function of the Grub2 operating systems boot loader is related to an operation exceeding buffer...
CVE-2024-24293
A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js...
Azure Linux 3.0 Security Update: kernel (CVE-2024-47742)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47742 advisory. - In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Block path traversal Mos...
@adhawk/analytics-pixel-loader (>=0.0.2 <=2.0.2), @adhawk/analytics.js-integration-freshdesk (=0.1.0) +143 more potentially affected by CVE-2024-57066 via @ndhoule/defaults (=2.0.1)
@ndhoule/defaults NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @ndhoule/defaults and may be impacted: - @adhawk/analytics-pixel-loader =0.0.2, =1.2.0, =1.0.0, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =1.1.0 -...
CVE-2022-23005
Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in...
CVE-2020-11284
Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory region untrusted source of input for secure boot loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructur...
CVE-2024-56232
Cross-Site Request Forgery (CSRF) vulnerability in Alex Volkov WP Nice Loader wp-nice-loader allows Stored XSS. This issue affects WP Nice Loader: from n/a through = 0.1.0.4...
CVE-2024-32741
A vulnerability has been identified in SIMATIC CN 4100 All versions V3.0. The affected device contains hard coded password which is used for the privileged system user root and for the boot loader GRUB by default. An attacker who manages to crack the password hash gains root access to the device...
SUSE CVE-2024-56161
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP...
CVE-2024-24714
Unrestricted Upload of File with Dangerous Type vulnerability in bPlugins LLC Icons Font Loader. This issue affects Icons Font Loader: from n/a through 1.1.4...
CVE-2024-37149
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16...
Important: kernel-livepatch-6.1.112-124.190
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify CVE-2024-36899 In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesyste...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify CVE-2024-26852 In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem...
DEBIAN-CVE-2024-56161
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP...
Malicious code in analytics-bp-passive-tracker-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis acb2b0591e0d61f597b43b55a8fd70dfcb8aca1d696e09f2a63c4f6f5c5a1959 The OpenSSF Package Analysis project identified 'analytics-bp-passive-tracker-loader' @ 99.99.100 npm as malicious. It is considered malicious...