Malicious Package

Overview raw-tool is a malicious package. Looking into the setup.py function: 1 it tries to access the host at TCP port 35019. 2 it downloads all the files from the host. 3 it base64 decodes, decompresses, and executes. It can allow the attacker full control over the host. Malicious Code The code...

CVE-2020-8200

Improper authentication in Citrix StoreFront Server 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. Recent assessments: kevthehermit at September 14, 2020 4:27pm UTC reported:...

The vulnerability of the Certificate Management Server component in the Network Security Services library allows a perpetrator to trigger a service failure.

The vulnerability of the Certificate Management Server CMS component in the NSS library set is related to pointer assignment errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

RVM Code Execution Vulnerability

RVM is a Ruty version management command line tool that supports the installation and management of multiple Ruty environments including compilers. A code execution vulnerability exists in RVM 1.28.0 and earlier versions. An attacker can exploit the vulnerability to execute code...

Schneider homeLYnk Controller LSS1001003 Cross-Site Scripting Vulnerability

Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Schneider homeLYnk Controller LSS1001003 is a logic controller. A cross-site scripting vulnerability exists in the...

The vulnerability of the Android operating system, which allows a hacker to trigger a service failure

The vulnerability of the Android operating system’s mediaserver component is related to errors in the code. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...