1223 matches found
Malicious code in ct-notify (npm)
Source: ghsa-malware 6bbead255c862ca6aa0274a954c23e2d2feae939b0a7d245d0d0201236edeb7e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2269 Malicious code in ct-notify (npm)
Source: ghsa-malware 6bbead255c862ca6aa0274a954c23e2d2feae939b0a7d245d0d0201236edeb7e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Debian DSA-5165-1 : vlc - security update
The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5165 advisory. Multiple vulnerabilities were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file is...
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
...
CVE-2022-1998
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system...
DEBIAN-CVE-2022-1998
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system...
AZL-9917 CVE-2022-1998 affecting package kernel for versions less than 5.15.48.1-2
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system...
CVE-2022-1998
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system...
xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
Bribe Rewards Not Collected In Current Period Will Be Lost Forever
Lines of code Vulnerability details High Bribe Rewards Not Collected In Current Period Will Be Lost Forever Vulnerability Details It was observed that if the bribe rewards are not collected in the current period, they will not be accrued to future epoch, and they will be lost forever...
Users with Overall/Read access can enumerate credential IDs in Pipeline GitHub Notify Step Plugin
Pipeline GitHub Notify Step Plugin 1.0.4 and earlier provides a list of applicable credential IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions, allowing any user with Overall/Read permission to get a list of valid...
CSRF vulnerability in Pipeline GitHub Notify Step Plugin allows capturing credentials
A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Missing permission checks in Pipeline GitHub Notify Step Plugin allows capturing credentials
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
GHSA-QHXF-M7JM-JC57 CSRF vulnerability in Pipeline GitHub Notify Step Plugin allows capturing credentials
A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
GHSA-8P4M-62GP-33J4 Users with Overall/Read access can enumerate credential IDs in Pipeline GitHub Notify Step Plugin
Pipeline GitHub Notify Step Plugin 1.0.4 and earlier provides a list of applicable credential IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions, allowing any user with Overall/Read permission to get a list of valid...
GHSA-5H29-QQ92-WJ7F Cleartext Transmission of Sensitive Information in Apache MINA
Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This...
OESA-2022-1660 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33061) A use after free in the Linux...
xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
WordPress Ad Blocker Notify Lite plugin <= 2.4.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Ad Blocker Notify Lite plugin versions <= 2.4.0. Solution: No patched version available...