228 matches found
MAL-2024-7536 Malicious code in sap-align (npm)
Source: ossf-package-analysis e87ea42b54a5117ae004dd6efd6f57e7dbfe3019b3398157b6ec336de0b84faa The OpenSSF Package Analysis project identified 'sap-align' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
CVE-2024-33847
CVE-2024-33847 relates to the Linux kernel’s f2fs compression feature. The root cause is a truncation bug on released compressed inodes that can corrupt a f2fs image if a partial truncation changes the valid block count without updating i_blocks/total_valid_block_count. The patch fixes by allowin...
SUSE CVE-2024-35814
In the Linux kernel, the following vulnerability has been resolved: swiotlb: Fix double-allocation of slots due to broken alignment handling Commit bbb73a103fbb "swiotlb: fix a braino in the alignment check fix", which was a fix for commit 0eee5ae10256 "swiotlb: fix slot alignment checks", causes...
PT-2024-30517 · WordPress · Rank Math Seo
Name of the Vulnerable Software and Affected Versions: Rank Math SEO with AI Best SEO Tools plugin for WordPress versions up to, and including, 1.0.217 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, specifically via the...
Open Networking Foundation ONOS Security Vulnerability
Open Networking Foundation ONOS is an open source SDN controller open sourced by Open Networking Foundation. It is used to build next-generation SDN/NFV solutions. A security vulnerability exists in Open Networking Foundation ONOS onos-lib-go version 0.10.25, which stems from an index out-of-boun...
SUSE CVE-2023-52619
In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fix crash when setting number of cpus to an odd number When the number of cpu cores is adjusted to 7 or other odd numbers, the zone size will become an odd number. The address of the zone will become: addr of zone0 =...
CVE-2024-1393
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iconalign' attribute of the Content Switcher widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Plugin Elementor Addon Elements Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-18005 · WordPress · Elementor Addon Elements
Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.12 Description: The issue is related to Stored Cross-Site Scripting via the icon align attribute of the Content Switcher widget due to insufficient input...
CVE-2023-46306
The web administration interface in NetModule Router Software NRSW 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php deviceid parameter. This occurs because another thread can be start...
agent-actors (=0.1.0), agent-lab-sdk (>=0.1.7 <=0.1.16) +249 more potentially affected by CVE-2023-39631 via langchain (>=0.0.100 <=0.0.306)
langchain PYPI version =0.0.100, =0.1.7, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.0.40 and more Source cves: CVE-2023-39631 Source advisory: OSV:GHSA-F73W-4M7G-CH9X...
PT-2023-27023 · Gpac +1 · Gpac +1
Name of the Vulnerable Software and Affected Versions: GPAC version 2.3-DEV-rev449-g5948e4f70-master Description: The issue is related to a heap-use-after-free vulnerability via the gf bs align function at bitstream.c. This allows attackers to cause a Denial of Service (DoS) by supplying a crafted...
CVE-2020-24222
Buffer Overflow vulnerability in jfifdecode function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN...
Buffer overflow
Buffer Overflow vulnerability in jfifdecode function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN...
CVE-2020-24222
The CVE-2020-24222 entry concerns rockcarry ffjpeg (
Startup Security Tactics: Friction Surveys
When we do quarterly planning, my team categorizes our goals within four evergreen outcomes: 1. Reduce the risk of information security incidents 2. Increase trust in Vanta's information security program 3. Reduce the friction caused by information security controls 4. Use security expertise to...
SUSE CVE-2019-25033
Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...
The vulnerability of the MasterUserEdit application interface of the cloud-based corporate solution for planning and managing Jira Align (formerly AgileCraft) programs and IT projects allows a malicious individual to increase their privileges.
The vulnerability of the MasterUserEdit application interface of the cloud-based corporate solution for planning and managing Jira Align (formerly AgileCraft) programs and IT projects is related to access control errors. Exploiting this vulnerability can allow a malicious actor to increase their...
unbound: integer overflow in the regional allocator via the ALIGN_UP macro
A flaw was found in unbound. An integer overflow in the regional allocator via the ALIGN_UP macro may lead to a buffer overflow if the size can be controlled by an attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability...