
347 matches found

OSSF Malicious Packages
added 2022/06/20 8:10 p.m., 3 views

Malicious code in azure-arm-workspaces-samples-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25fdf3e3810b11986993e1ee312d73c2be2e122399ae83f6c577f58853782c50 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1

OSSF Malicious Packages
added 2022/06/20 8:10 p.m., 2 views

Malicious code in azure-arm-workspaces-samples-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 306ff4b6fffa361d81e979b5ef2a337379a04e79ef23b632170418748925c574 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1

OSV
added 2022/06/20 8:10 p.m., 8 views

MAL-2022-1297 Malicious code in azure-arm-workspaces-samples-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25fdf3e3810b11986993e1ee312d73c2be2e122399ae83f6c577f58853782c50 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1

OSV
added 2022/06/13 1:40 p.m., 16 views

CVE-2022-29244 npm packing does not respect root-level ignore files in workspaces

npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag ie. --workspaces, --workspace=. Anyone who has run npm pack or npm publish inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published...

CVSS: 7.5, AI score: 6.9, EPSS: 0.0085
Exploits: 0, References: 12

Cvelist
added 2022/06/13 1:40 p.m., 21 views

CVE-2022-29244 npm packing does not respect root-level ignore files in workspaces

npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag ie. --workspaces, --workspace=. Anyone who has run npm pack or npm publish inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published...

AI score: 8.7, EPSS: 0.0085
Exploits: 0, References: 10

OSV
added 2022/06/02 3:37 p.m., 81 views

GHSA-HJ9C-8JMM-8C52 Packing does not respect root-level ignore files in workspaces

Impact npm pack ignores root-level .gitignore & .npmignore file exclusion directives when run in a workspace or with a workspace flag ie. --workspaces, --workspace=. Anyone who has run npm pack or npm publish with workspaces, as of v7.9.0 & v7.13.0 respectively, may be affected and have published...

CVSS: 7.5, AI score: 8, EPSS: 0.0085
Exploits: 0, References: 12

OSV
added 2022/05/24 7:16 p.m., 1 views

GHSA-4PW5-R58H-FV24 Path traversal vulnerability on Windows in Jenkins

The file browser for workspaces, archived artifacts, and userContent/ in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows. This results in a path traversal vulnerability allowing attackers with Overall/Read permission Windows controller o...

CVSS: 6.5, AI score: 6, EPSS: 0.01739
Exploits: 0, References: 5

Github Security Blog
added 2022/05/24 7:2 p.m., 18 views

Drupal Core Access bypass vulnerability

Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see conten...

CVSS: 5.3, AI score: 6.4, EPSS: 0.00144
Exploits: 0, References: 5, Affected Software: 2

OSV
added 2022/05/24 7:2 p.m., 22 views

GHSA-X2Q9-R8GM-F657 Drupal Core Access bypass vulnerability

Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see conten...

CVSS: 5.3, AI score: 6, EPSS: 0.00144
Exploits: 0, References: 5

RedhatCVE
added 2022/05/21 12:24 a.m., 54 views

CVE-2020-13667

Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see conten...

CVSS: 7.4, AI score: 4.7, EPSS: 0.00144
Exploits: 0, References: 1

OSV
added 2022/05/17 3:53 a.m., 0 views

GHSA-X3P3-929J-PQ66 Improper Neutralization of Input During Web Page Generation in Jenkins

Cross-site scripting XSS vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts...

CVSS: 5.4, AI score: 6.6, EPSS: 0.00289
Exploits: 0, References: 5

Github Security Blog
added 2022/05/17 3:53 a.m., 25 views

Improper Neutralization of Input During Web Page Generation in Jenkins

Cross-site scripting XSS vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00289
Exploits: 0, References: 5, Affected Software: 1

CNVD
added 2022/04/21 12:0 a.m., 8 views

Mattermost Access Control Error Vulnerability (CNVD-2022-31756)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. An Access Control Error vulnerability exists in Mattermost 6.4.x and earlier versions, which stems from an inability to properly invalidate a pending email invitation when executed from the system...

CVSS: 5.8, AI score: 6.2, EPSS: 0.00168
Exploits: 1, References: 1

ThreatPost
added 2021/12/08 6:54 p.m., 24 views

AWS, Other Cloud Services Affected by Flaws in Eltima SDK

Researchers have found a number of high-security vulnerabilities in a library created by network virtualization firm Eltima, that leave about a dozen cloud services used by millions of users worldwide open to privilege-escalation attacks. That includes Amazon WorkSpaces, Accops and NoMachine, amo...

AI score: 8.9
Exploits: 0, References: 13

CNVD
added 2021/12/08 12:0 a.m., 13 views

Amazon WorkSpaces integer overflow vulnerability

Amazon Workspaces is a fully managed persistent desktop virtualization service from Amazon that lets your users access the data, applications, and resources they need from any supported device, anytime, anywhere. Amazon Workspaces is vulnerable to an integer overflow vulnerability that could be...

CVSS: 8.8, AI score: 6.5, EPSS: 0.00136
Exploits: 1, References: 1

CNVD
added 2021/12/08 12:0 a.m., 13 views

Amazon WorkSpaces Buffer Overflow Vulnerability

Amazon WorkSpaces is a fully managed persistent desktop virtualization service from Amazon that lets your users access the data, applications, and resources they need from any supported device, anywhere, anytime. Amazon WorkSpaces is vulnerable to a buffer overflow vulnerability that could be...

CVSS: 8.8, AI score: 6.3, EPSS: 0.00075
Exploits: 1, References: 1

OSV
added 2021/12/07 8:15 p.m., 0 views

CVE-2021-43638

Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Pack...

CVSS: 8.8, AI score: 7.6
Exploits: 0, References: 1

OSV
added 2021/12/07 8:15 p.m., 1 views

CVE-2021-43637

Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Packet...

CVSS: 8.8, AI score: 6.1
Exploits: 0, References: 1

NVD
added 2021/12/07 8:15 p.m., 10 views

CVE-2021-43637

Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Packet...

CVSS: 8.8, EPSS: 0.00075
Exploits: 1, References: 1

NVD
added 2021/12/07 8:15 p.m., 9 views

CVE-2021-43638

Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Pack...

CVSS: 8.8, EPSS: 0.00136
Exploits: 1, References: 1