1390 matches found
Malicious code in fabrice (PyPI)
Source: google-open-source-security d1d6b36980b1999e5525b7490b4a430c21cb4f86493a11b76f34ae8c02bfc19c The PyPI package fabrice is a malicious package typosquatting the legitimate package fabric. The package is an info stealer primarily...
SUSE CVE-2024-50101
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices. Previously, the domain_context_clear() function incorrectly called pci_for_each_dma_alias() to set up context entries for non-PCI devices. This could lead to kernel hangs or...
UBUNTU-CVE-2024-50101
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices. Previously, the domain_context_clear() function incorrectly called pci_for_each_dma_alias() to set up context entries for non-PCI devices. This could lead to kernel hangs or...
CVE-2024-50101 iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices. Previously, the domain_context_clear() function incorrectly called pci_for_each_dma_alias() to set up context entries for non-PCI devices. This could lead to kernel hangs or...
PT-2024-34132 · Red Hat · Openshift
Name of the Vulnerable Software and Affected Versions: OpenShift (affected versions not specified). Description: A denial of service (DoS) issue was found in OpenShift, related to the GraphQL batching functionality. This allows attackers to send multiple queries within a single request, potentially...
Malicious code in participant-register-purchase-alias (npm)
Malicious code in cli-command-with-alias (npm)
Source: ghsa-malware 6b03e8947704f3b685460bd5c1a963c852f7877815be28a52d9642875d1348d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Improper Authorization in Select Permissions
Due to the order in which permissions were processed, some statements, filters and computations could lead to leaking field values or record contents to users without the required permissions. This behavior could be triggered in different scenarios: - When performing a SELECT operation on a table...
GoLang CMS Cross-Site Scripting Vulnerability
GoLang CMS is an open-source content management system from GoUniverse. A cross-site scripting vulnerability exists in GoLang CMS version 1.4.0, which stems from the parameter alias in the file FrontendHandler.go that can lead to cross-site scripting attacks...
CVE-2024-45308
HedgeDoc (the HedgeDoc project) contains a vulnerability affecting deployments using MySQL or MariaDB where an alias can be created equal to the ID of an existing note. The new note’s alias hides the original note and, in freeURL mode, can be created by users with appropriate permissions or, depe...
CVE-2024-45308 MySQL & free URL mode allows to hide existing notes in hedgedoc
HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc 1 with MySQL or MariaDB, it is possible to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by t...
Malicious code in @diotoborg/alias-amet (npm)
Source: ghsa-malware 87c84a81116d3cde992287733a2e50d6c58daafbfbb1c7eee2b0c8d6753b4bb1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/laudantium-labore-alias (npm)
Source: ghsa-malware 8a63f7393fd338cbffb2e592e4c5e0b560c80f74e525c0a886c31551e59362fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8116 Malicious code in @diotoborg/alias-amet (npm)
Source: ghsa-malware 87c84a81116d3cde992287733a2e50d6c58daafbfbb1c7eee2b0c8d6753b4bb1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8619 Malicious code in @diotoborg/sapiente-alias-omnis (npm)
Source: ghsa-malware 98848f887303b1ae4b29e79f7b73f720e9b8f04002532a66947d12ec4625a6e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/alias-provident-fuga (npm)
Source: ghsa-malware c5c5620a224b1773e6dd49a7777613398368f9a4c8351867a082d04d0a0af057 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/perspiciatis-voluptates-alias (npm)
Source: ghsa-malware 17890f0832e258ca3b833388c2683096c43da0cd8ba4d304d068c68ed99d3346 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8599 Malicious code in @diotoborg/rem-alias (npm)
Source: ghsa-malware 59ce326dc232b7dcfea23bffaffbd0e0742c9c80cb955cb15e3e4f611874e993 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Postfixadmin Protected Alias Deletion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Postfixadmin Protected Alias Deletion Vulnerability', 'Description' = %q Postfixadmin installations between 2.91 and 3.0.1 do not check if an adm...
Hyperledger Indy's update process of a DID does not check who signs the request
Name: Updating a DID with a nym transaction will be written to the ledger if neither ROLE nor VERKEY is being changed, regardless of sender. Description: A malicious DID with no particular role can request an update for another DID but cannot modify its verkey or role. This is bad because: 1. Any DID c...