PT-2024-6882 · Adobe · Dimension
Name of the Vulnerable Software and Affected Versions: Adobe Dimension versions 4.0.3 and earlier Description: The issue is related to an out-of-bounds write vulnerability in Adobe Dimension, which can lead to arbitrary code execution in the context of the current user. Exploitation of this issue...
PT-2024-31403 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed version Description: A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories, and/or...
PT-2024-39657 · Avast · Avg/Avast Antivirus
Name of the Vulnerable Software and Affected Versions: AVG/Avast Antivirus versions prior to signature 24092400 Description: The issue is related to an out-of-bounds write in the engine module of AVG/Avast Antivirus, which can be triggered by a malformed eml file. This can cause the application t...
Malicious Package
Overview braintreeexpressexample is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection betwe...
Malicious Package
Overview svelte-hms-world is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview videojs-sneakpeek is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between tha...
Malicious Package
Overview sae-viewer is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview braintree.github.io is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between...
Malicious Package
Overview annotation-app is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview uchiwa is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview openai-bun-test is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview branch-extension is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview uchiwa is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...
PT-2024-32645 · Scout · Scout
Name of the Vulnerable Software and Affected Versions: Scout versions prior to 4.89 Description: The issue arises from the lack of sanitization in filenames, allowing bypass of intended file extensions. This enables the download of malicious files with any extension. If users unknowingly download...
PT-2024-39550 · Sourcecodester · Sourcecodester Advocate Office Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Advocate Office Management System version 1.0 Description: A critical issue affects the processing of the file /control/login.php, where the manipulation of the username argument leads to SQL injection. The attack can be...
Oracle Linux 8 : kernel (ELSA-2024-7000)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-7000 advisory. - wifi: mac80211: Avoid address calculations via out of bounds array indexing Michal Schmidt RHEL-51278 CVE-2024-41071 - protect the fetch of -fdfd in...
PT-2024-32037 · Draytek · Draytek Vigor 3910
Name of the Vulnerable Software and Affected Versions: Draytek Vigor 3910 version 4.3.2.6 Description: A buffer overflow was discovered in the pb parameter at the "v2x00.cgi" endpoint, allowing attackers to cause a Denial of Service (DoS) via a crafted input. Recommendations: For Draytek Vigor 3910...
PT-2024-39250 · Unknown · Qdocs Smart School Management System
Name of the Vulnerable Software and Affected Versions: QDocs Smart School Management System version 7.0.0 Description: A critical vulnerability was found in the QDocs Smart School Management System. The issue affects an unknown functionality of the file /user/chat/mynewuser of the component Chat...
md/dm-raid: don't call md_reap_sync_thread() directly
...
bpf: Avoid splat in pskb_pull_reason
...