260 matches found
Malicious code in application-delivery-tool-preload-expo (npm)
Source: ossf-package-analysis (56e4071882ebfaf078f45ca400f352aa4473aab57faa966a208f00a8ef67dfd4). The OpenSSF Package Analysis project identified 'application-delivery-tool-preload-expo' @ 3.0.0 (npm) as malicious. It is considered malicious...
MAL-2023-1116 Malicious code in application-delivery-tool-preload-expo (npm)
Source: ossf-package-analysis (56e4071882ebfaf078f45ca400f352aa4473aab57faa966a208f00a8ef67dfd4). The OpenSSF Package Analysis project identified 'application-delivery-tool-preload-expo' @ 3.0.0 (npm) as malicious. It is considered malicious...
kernel: cgroup: Use separate src/dst nodes when preloading css_sets for migration
In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading css_sets for migration. Each cset (css_set) is pinned by its tasks. When we're moving tasks around across csets for a migration, we need to hold the source and destination csets to...
VulnCheck KEV: CVE-2023-1928
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to...
CVE-2023-1928
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiat...
WordPress Plugin Fastest Cache Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
PT-2023-17348 · WordPress · Wp Fastest Cache
Name of the Vulnerable Software and Affected Versions: WP Fastest Cache plugin for WordPress versions up to, and including, 1.1.2. Description: The issue allows unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function. This makes it possible for...
SUSE CVE-2011-1658
ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPA...
SUSE CVE-2015-1269
The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string...
SUSE CVE-2015-8325
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...
SUSE CVE-2016-5135
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanis...
SUSE CVE-2021-29649
An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677...
Authentication Bypass
Firefox is vulnerable to authentication bypass. The vulnerability exists because the preload cache bypasses subresource integrity when loading a script, which allows an attacker to gain access to internal system and perform unwanted action...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-17325)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Versions prior to Mozilla Firefox 103 are vulnerable to a resource management error that stems from a cache preload error. When loading a script with subresource integrity, an attacker could exploit the vulnerability to...
Mozilla Firefox Security Advisory (MFSA2022-28) - Linux
The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2022-28.
Mozilla Firefox Resource Management Error Vulnerability
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Versions prior to Mozilla Firefox 103 are vulnerable to a resource management error that stems from a cache preload error. When loading a script with subresource integrity, an attacker could exploit the vulnerability to...
Execution with Unnecessary Privileges in arc-electron
When the end user clicks on a response header that contains a link, the target is opened in a new ARC window. This window has the default preload script loaded, which allows the scripts embedded in the link target to execute any logic that ARC has access to from the renderer process, whic...
CVE-2021-31847
Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user,...
Boost Note Injection Vulnerability
Boost Note is an open source developer-friendly workspace with IDE-like UX. It provides the following features focusing on information management and searchability. A security vulnerability exists in Boost Note versions prior to 0.22.0 that stems from a lack of effective filtering and validation ...
kernel security and bug fix update
4.18.0-305.7.14.OL8 - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and...