Malicious code in superacli (npm)
Source: amazon-inspector 6c45fea405a610447f72926e8663afc4151606f39189d380bf929ad09419908b plugins/gopass/daemon.js opens an outbound WebSocket connection to a hardcoded bare IP ws://92.113.145.178:8768 defaulted via process.env.GOPASSUIURL...
MAL-2026-4674 Malicious code in superacli (npm)
Source: amazon-inspector 6c45fea405a610447f72926e8663afc4151606f39189d380bf929ad09419908b plugins/gopass/daemon.js opens an outbound WebSocket connection to a hardcoded bare IP ws://92.113.145.178:8768 defaulted via process.env.GOPASSUIURL...
ROS-20260205-73-0033
A vulnerability in the current_password_store() function of the dell-wmi-sysman driver of the Linux kernel is related to buffer copying without input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2025-62425
MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...
EUVD-2008-0427
Malware in sbrugna...
EUVD-2018-4330
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-28086
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password,...
Linux Distros Unpatched Vulnerability : CVE-2018-12356
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG...
platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()
...
Linux Distros Unpatched Vulnerability : CVE-2025-38077
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store(). If the 'buf'...
SUSE CVE-2025-38077
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store(). If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index...
DEBIAN-CVE-2025-38077
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store(). If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index...
UBUNTU-CVE-2025-38077
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store(). If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index...
CVE-2025-38077
CVE-2025-38077 affects the Linux kernel, in platform/x86 dell-wmi-sysman. The root cause was a potential buffer overflow when current_password_store() accessed buf[length-1] after an empty string length. A check for empty strings was added. The Azure Linux Nessus advisory confirms the fix and rec...
PT-2025-25851
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A buffer overflow issue has been identified in the Linux kernel, specifically in the dell-wmi-sysman platform, within the current password store function. This occurs when the buf array,...
OPENSUSE-SU-2024:11150-1 password-store-1.7.4-3.1 on GA media
These are all security issues fixed in the password-store-1.7.4-3.1 package on the GA media of openSUSE Tumbleweed...
Checkmk 2.0.x < 2.0.0p38, 2.1.x < 2.1.0p32, 2.2.x < 2.2.0p4 Command Injection Vulnerability
Checkmk is prone to a command injection vulnerability. CPE = "cpe:/a:checkmk:checkmk"; if...
SUSE CVE-2008-0417
CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password...
SUSE CVE-2018-12356
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...
CVE-2018-12356
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...