Malicious code in tq-assignment-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7f3696cd235e903c072e0f059768eac6d02449c0391742e708b6ce69250e1a15 The OpenSSF Package Analysis project identified 'tq-assignment-js' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

CVE-2024-8903

Local active protection service settings manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Cyber Protect Cloud Agent Windows, macOS before build 38565...

CVE-2024-8903

The CVE-2024-8903 entry affects Acronis Cyber Protect Cloud Agent on Windows and macOS, prior to build 38565. The underlying issue is local privilege/privileges assignment: the local active protection service settings can be manipulated due to unnecessary privileges being granted. The resulting i...

PT-2024-39310 · Acronis · Acronis Cyber Protect Cloud Agent

Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect Cloud Agent versions prior to build 38565 Description: The issue is related to local active protection service settings manipulation due to unnecessary privileges assignment, which could lead to potential system...

The vulnerability of the HTMLDOC document conversion tool, related to pointer assignment errors, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the HTMLDOC document conversion tool is related to pointer assignment errors. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and even cause service failures through a specially created HTML page...

SUSE CVE-2024-46766

In the Linux kernel, the following vulnerability has been resolved: ice: move netifqueuesetnapi to rtnl-protected sections Currently, netifqueuesetnapi is called from icevsirebuild that is not rtnl-locked when called from the reset. This creates the need to take the rtnllock just for a single...

CVE-2024-22303

Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4...

PT-2024-19325 · Houzez · Houzez

Name of the Vulnerable Software and Affected Versions: Houzez versions 3.2.4 and earlier Description: The issue is related to an Incorrect Privilege Assignment vulnerability, which allows Privilege Escalation in Houzez. Recommendations: For Houzez versions 3.2.4 and earlier, update to a version...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS when an admin assigns a valuator to a proposal, or does an action that generates an admin activity log. Workaround Users who are not able to upgrade to the fixed version can redirect the pages /admin and...

CVE-2024-1578

Summary: The MiCard PLUS Ci and MiCard PLUS BLE reader products (rf IDEAS; rebranded by NT-ware) have a firmware fault that may cause characters to be randomly dropped from ID card reads. This leads to the wrong ID card number during ID card self-registration and may result in failed user logins....

PT-2024-24369 · Decidim · Decidim

Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.27.7 Decidim versions prior to 0.28.2 Description: The admin panel of Decidim is subject to potential Cross-site scripting XSS attacks when an admin assigns a valuator to a proposal or performs any other action tha...

The vulnerability of the LiteSpeed Cache plugin for WordPress (LSCWP), a content management system for WordPress websites, relates to improper privilege assignment, allowing attackers to escalate their privileges.

The vulnerability of the LiteSpeed Cache plugin for WordPress LSCWP, a content management system for WordPress websites, is related to incorrect privilege assignment. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...

The vulnerability in the `drivers/usb/gadget/function/f_ncm.c` component of the Linux operating system, related to pointer assignment errors, allows an attacker to cause a service failure.

The vulnerability in the drivers/usb/gadget/function/fncm.c component of the Linux operating system is related to pointer assignment errors. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

The vulnerability in the “drivers/media/test-drivers/vidtv/vidtv_psi.c” component of the Linux operating system, related to pointer assignment errors, allows an attacker to cause a service failure.

The vulnerability of the “drivers/media/test-drivers/vidtv/vidtvpsi.c” component in the Linux operating system is related to pointer assignment errors. Exploiting this vulnerability allows an attacker to cause service failures...

The vulnerability of the DRM/AMD/display components in the Linux operating system, related to pointer dereferencing errors, allows a violator to trigger a service failure.

The vulnerability of the DRM/amd/display components in the Linux operating system is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

SUSE CVE-2024-45015

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: move dpuencoder's connector assignment to atomicenable For cases where the crtc's connectorschanged was set without enable/active getting toggled , there is an atomicenable call followed by an atomicdisable but witho...

AZL-49248 CVE-2024-45015 affecting package kernel for versions less than 6.6.51.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: move dpuencoder's connector assignment to atomicenable For cases where the crtc's connectorschanged was set without enable/active getting toggled , there is an atomicenable call followed by an atomicdisable but witho...

DEBIAN-CVE-2024-45015

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: move dpuencoder's connector assignment to atomicenable For cases where the crtc's connectorschanged was set without enable/active getting toggled , there is an atomicenable call followed by an atomicdisable but witho...

AZL-49176 CVE-2024-45015 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: move dpuencoder's connector assignment to atomicenable For cases where the crtc's connectorschanged was set without enable/active getting toggled , there is an atomicenable call followed by an atomicdisable but witho...

UBUNTU-CVE-2024-45015

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: move dpuencoder's connector assignment to atomicenable For cases where the crtc's connectorschanged was set without enable/active getting toggled , there is an atomicenable call followed by an atomicdisable but witho...