Malicious code in sap-append (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c9f0f3e8f5fe5bef39b2094c9c7dc85df0847fde8e94cdf33c609b67ed5b1f8a The OpenSSF Package Analysis project identified 'sap-append' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2024-7639 Malicious code in sap-append (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c9f0f3e8f5fe5bef39b2094c9c7dc85df0847fde8e94cdf33c609b67ed5b1f8a The OpenSSF Package Analysis project identified 'sap-append' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

DEBIAN-CVE-2024-6383

The bsonstringappend function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1...

UBUNTU-CVE-2024-6383

The bsonstringappend function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1...

CVE-2024-6012

The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in all versions up to, and including, 3.2.12. This makes it possible for authenticated attackers, wit...

PT-2024-27437 · Jan · Jan

Name of the Vulnerable Software and Affected Versions: Jan version 0.4.12 Description: The issue allows attackers to execute arbitrary code via uploading a crafted file to the "/v1/app/appendFileSync" interface. Recommendations: For Jan version 0.4.12, as a temporary workaround, consider disablin...

SUSE CVE-2024-36954

In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipcbufappend skblinearize doesn't free the skb when it fails, so move 'buf = NULL' after skblinearize, so that the skb can be freed on the err path...

DEBIAN-CVE-2024-36954

In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipcbufappend skblinearize doesn't free the skb when it fails, so move 'buf = NULL' after skblinearize, so that the skb can be freed on the err path...

DEBIAN-CVE-2024-36886

In the Linux kernel, the following vulnerability has been resolved: tipc: fix UAF in error path Sam Page sam4k working with Trend Micro Zero Day Initiative reported a UAF in the tipcbufappend error path: BUG: KASAN: slab-use-after-free in kfreeskblistreason+0x47e/0x4c0 linux/net/core/skbuff.c:118...

UBUNTU-CVE-2024-36954

In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipcbufappend skblinearize doesn't free the skb when it fails, so move 'buf = NULL' after skblinearize, so that the skb can be freed on the err path...

UBUNTU-CVE-2024-36886

In the Linux kernel, the following vulnerability has been resolved: tipc: fix UAF in error path Sam Page sam4k working with Trend Micro Zero Day Initiative reported a UAF in the tipcbufappend error path: BUG: KASAN: slab-use-after-free in kfreeskblistreason+0x47e/0x4c0 linux/net/core/skbuff.c:118...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which originates from a possible memory leak in the tipc module tipcbufappend...

SUSE CVE-2024-35856

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Fix double free of skb in coredump hcidevcdappend would free the skb on error so the caller don't have to free it again otherwise it would cause the double free of skb. Reported-by : Dan Carpenter...

CVE-2024-36001

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the pre-flush when appending to a file in writethrough mode In netfsperformwrite, when the file is marked NETFSICTXWRITETHROUGH or OSYNC or RWFSYNC was specified, write-through caching is performed on a buffered file...

UBUNTU-CVE-2024-26752

In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6appenddata l2tpip6sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, we check whether the...

The vulnerabilities of the functions AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding(), and AppendEncodedCharacters() in browsers Mozilla Firefox, Firefox ESR, and the email client Thunderbird allow an attacker to execute arbitrary code.

The vulnerabilities of the functions AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding, and AppendEncodedCharacters in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to integer overflow. Exploiting these vulnerabilities allows a malicious...

Mozilla: Integer overflow could have led to out of bounds write

The Mozilla Foundation Security Advisory describes this flaw as: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write...

DEBIAN-CVE-2023-52527

In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in ip,6appenddata Including the transhdrlen in length is a problem when the packet is partially filled e.g. something like sendMSGMORE happened previously when appending to an IPv4 or IPv6...

CVE-2023-52527

In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in ip,6appenddata Including the transhdrlen in length is a problem when the packet is partially filled e.g. something like sendMSGMORE happened previously when appending to an IPv4 or IPv6...

avahi: Reachable assertion in avahi_dns_packet_append_record

A vulnerability was found in Avahi, where a reachable assertion exists in avahidnspacketappendrecord...