waf-engine

WAF & SOAR Engine A cloud-native Web Application Firewall and...

Malicious code in @apiary-annex/meta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beaea0c4666896c82c0b26b3e24708dbf4e2f28425735b67b5e723802337d51e The package @apiary-annex/meta was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3109 Malicious code in @apiary-annex/meta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beaea0c4666896c82c0b26b3e24708dbf4e2f28425735b67b5e723802337d51e The package @apiary-annex/meta was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3110 Malicious code in @apiary-annex/title (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a21d55a19694bb77a748bff53e74597f9c1ed88df95f421975af40efe38a4183 The package @apiary-annex/title was found to contain malicious code. Source: ghsa-malware...

Malicious code in @apiary-annex/title (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a21d55a19694bb77a748bff53e74597f9c1ed88df95f421975af40efe38a4183 The package @apiary-annex/title was found to contain malicious code. Source: ghsa-malware...

Operationalising Information Security Management: A Procedural Framework Analysis of ISO/IEC 27001:2022 Implementation in a Financial-Technology Organisation

Organisations operating within information-intensive environments face intensifying pressure to formalise the governance of information security. The ISO/IEC 27001:2022 standard provides a globally recognised framework for establishing, implementing, maintaining, and continually improving an...

CVE-2021-31927

An Insecure Direct Object Reference IDOR vulnerability in Annex Cloud Loyalty Experience Platform 2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. It was fixed in v2021.1.0.2...

CVE-2021-31929

Annex Cloud Loyalty Experience Platform 2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals...

HSEC-2023-0012 git-annex checksum exposure to encrypted special remotes

git-annex checksum exposure to encrypted special remotes A bug exposed the checksum of annexed files to encrypted special remotes, which are not supposed to have access to the checksum of the un-encrypted file. This only occurred when resuming uploads to the encrypted special remote, so it is...

HSEC-2023-0013 git-annex plaintext storage of embedded credentials on encrypted remotes

git-annex plaintext storage of embedded credentials on encrypted remotes git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the Git repository in effectively...

HSEC-2023-0011 git-annex GPG decryption attack via compromised remote

git-annex GPG decryption attack via compromised remote A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's GPG key. This attack could be used to expose encrypted data that was never stored in git-annex. Daniel Dent discovered this...

HSEC-2023-0009 git-annex command injection via malicious SSH hostname

git-annex command injection via malicious SSH hostname git-annex was vulnerable to the same class of security hole as git's CVE-2017-1000117. In several cases, git-annex parses a repository URL, and uses it to generate a ssh command, with the hostname to ssh to coming from the URL. If the hostnam...

EUVD-2021-18800

Malware in sbrugna...

EUVD-2017-4494

Malware in sbrugna...

EUVD-2014-6160

Malware in sbrugna...

EUVD-2018-2924

Malware in sbrugna...

EUVD-2018-2926

Malware in sbrugna...

EUVD-1999-1051

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2018-10857

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or...

Linux Distros Unpatched Vulnerability : CVE-2017-12976

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated...