4310 matches found
MAL-2022-6429 Malicious code in tcm-one-tree (npm)
Source: ghsa-malware 4b7f900ef8f753774bd695128ad350ff16b9f03c8c4d53ffea0f43dc61ae4c09. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2022-27975 · Unknown · Paddlepaddle
Name of the Vulnerable Software and Affected Versions: PaddlePaddle versions prior to 2.4 Description: The issue is an out-of-bounds read in the gather tree function. This problem affects PaddlePaddle versions before 2.4. A patch for this issue is available in the release/2.4 branch...
CLSA-2022-1670260858 Fix CVE(s): CVE-2013-4235
SECURITY UPDATE: Race condition when copying and removing directory trees - debian/patches/CVE-2013-4235.patch: fix races in chowntree, removetree and copytree - CVE-2013-4235...
EvilTree - A Remake Of The Classic "Tree" Command With The Additional Feature Of Searching For User Provided Keywords/Regex In Files, Highlighting Those That Contain Matche
A standalone python3 remake of the classic "tree" command with the additional feature of searching for user provided keywords/regex in files, highlighting those that contain matches. Created for two main reasons: While searching for secrets in files of nested directory structures, being able to...
GHSA-672P-M5JQ-MRH8 Insufficient Verification of Proofs generated by the immudb server in client SDK.
Impact: In certain scenarios, a malicious immudb server can provide a falsified proof that will be accepted by the client SDK, signing a falsified transaction replacing the genuine one. This situation cannot be triggered by a genuine immudb server and requires the client to perform a specific list o...
PT-2022-25528 · Unknown · Yellow Tree Geolocation Ip Detection Plugin
Name of the Vulnerable Software and Affected Versions: Yellow Tree Geolocation IP Detection Plugin affected versions not specified Description: A vulnerability was found in the Yellow Tree Geolocation IP Detection Plugin, classified as problematic. It affects an unknown function of the component...
kernel: bfq: Make sure bfqg for which we are queueing requests is online
A use-after-free vulnerability exists in the Linux kernel. The Bios queued into the BFQ IO scheduler can be associated with a cgroup that was already offline. This issue may then cause the insertion of this bfqgroup into a service tree. This bfqgroup will get freed as soon as the last associated...
Dismember - Scan Memory For Secrets And More
Dismember is a command-line toolkit for Linux that can be used to scan the memory of all processes or particular ones for common secrets and custom regular expressions, among other things. It will eventually become a full /proc toolkit. Using the grep command, it can match a regular expression...
PT-2022-35741 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.262 Description: A potential security issue exists due to a sanity check on the DT child nodes number in libahci platform. The actual impact and attack plausibility have not yet been proven. Recommendation...
PT-2022-35264 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: A potential issue exists in the libahci platform module, related to a sanity check of the DT child nodes number. The actual impact and attack plausibility have not yet been proven...
PT-2022-34984 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 6.0.3 Description: The issue concerns a sanity check for the number of DT child nodes in the libahci platform module. The actual impact and potential for attack have not been proven yet. Recommendations: For Lin...
PT-2022-35474 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.150 Description: A potential issue exists in the libahci platform module, related to a sanity check of the DT child nodes number. The actual impact and attack plausibility have not yet been proven...
CISA Releases SSVC Methodology to Prioritize Vulnerabilities
Today CISA published its guide on Stakeholder-Specific Vulnerability Categorization (SSVC), a vulnerability management methodology that assesses vulnerabilities and prioritizes remediation efforts based on exploitation status, impacts to safety, and prevalence of the affected product in a singular...
kernel: ext4: avoid cycles in directory h-tree
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid cycles in directory h-tree. A maliciously corrupted filesystem can contain cycles in the h-tree stored inside a directory. That can easily lead to the kernel corrupting tree nodes that were already verified under its...
PT-2022-36737 · Git +1 · Fluent-Bit
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read crash. Technical details include a crash type of Heap-buffer-overflow READ 8, with a crash state...
kernel-rt security and bug fix update
An update is available for kernel-rt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel-rt packages provide the Real Time Linux Kernel, which enables...
AZL-44541 CVE-2022-37598 affecting package js-jquery 3.5.0-4
Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...
PT-2022-36676 · Git +1 · Fluent-Bit
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 3 crash has been reported. The crash involves the onig node str cat function and occurs during the setup tree process. No...
Incorrect implementation of the MerkleVerifier.sol library
Lines of code Vulnerability details Impact: The MerkleVerifier results in an incorrect verification of the Merkle Tree. Description: Using a simple test case from and deploying the contracts with MerkleVerifier.sol, we can see that the results differ when attempting to verify the Merkle Tree. Test...