3743 matches found

Snyk
added 2023/02/21 8:16 a.m. · 2 views

Malicious Package

Overview: yandex-sanitizer is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3
Snyk
added 2023/02/21 8:16 a.m. · 1 views

Malicious Package

Overview: yasap-gulp-dev-tools is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3
Snyk
added 2023/02/21 8:16 a.m. · 2 views

Malicious Package

Overview: @yandex-travel/ts-config is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3
Snyk
added 2023/02/21 8:16 a.m. · 0 views

Malicious Package

Overview: yasap-cache is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3
Snyk
added 2023/02/21 8:16 a.m. · 1 views

Malicious Package

Overview: ninja-turtle-oil-spill is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3
Snyk
added 2023/02/21 8:16 a.m. · 1 views

Malicious Package

Overview: harel-logger-ts is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3
Snyk
added 2023/02/21 8:16 a.m. · 1 views

Malicious Package

Overview: harel-health-check is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3
Snyk
added 2023/02/21 8:16 a.m. · 1 views

Malicious Package

Overview: @roots/bud is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3
Snyk
added 2023/02/21 8:16 a.m. · 1 views

Malicious Package

Overview: fkletbbpoc is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3
Snyk
added 2023/02/15 8:16 a.m. · 1 views

Malicious Package

Overview: discourse-common is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3
Snyk
added 2023/02/15 8:16 a.m. · 1 views

Malicious Package

Overview: node-debug-service is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3
Snyk
added 2023/02/15 8:16 a.m. · 1 views

Malicious Package

Overview: @yandex-travel/ui is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 3:57 a.m. · 1 views

SUSE CVE-2020-15103

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data th...

CVSS 7.5 · AI score 7 · EPSS 0.00259
Exploits: 0 · References: 7
SUSE CVE
added 2023/02/15 3:27 a.m. · 2 views

SUSE CVE-2022-24795

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajl_buf.c#L64 may result in the need 32bit...

CVSS 5.9 · AI score 7.8 · EPSS 0.01863
Exploits: 1 · References: 15
Positive Technologies
added 2023/02/14 12:0 a.m. · 2 views

PT-2023-5950 · Git · Git

Name of the Vulnerable Software and Affected Versions: Git for Windows versions prior to 2.39.2. Description: The issue is related to the execution of untrusted code when gitk is run on Windows. This can be exploited through social engineering to trick users into running untrusted code. The proble...

CVSS 8.6 · AI score 8 · EPSS 0.00188
Exploits: 0 · References: 11
OSV
added 2023/02/13 5:26 p.m. · 12 views

GSD-2023-1001930 net/mlx5e: Avoid false lock dependency warning on tc_ht even more

net/mlx5e: Avoid false lock dependency warning on tc_ht even more. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.9 by commit...

AI score 7.2
Exploits: 0
Positive Technologies
added 2023/02/10 12:0 a.m. · 4 views

PT-2023-18887 · Unknown · Provide Server

Name of the Vulnerable Software and Affected Versions: Provide server version 14.4. Description: The issue allows attackers to execute arbitrary code through the server-log via the username field from the login form. This is a Cross Site Scripting (XSS) issue. Recommendations: For Provide server...

CVSS 6.1 · AI score 6.2 · EPSS 0.03213
Exploits: 4 · References: 7
Positive Technologies
added 2023/02/07 12:0 a.m. · 5 views

PT-2023-2766 · Pypi +10 · Cryptography +10

Name of the Vulnerable Software and Affected Versions: cryptography versions 1.8 through the latest version before the fix. Description: The issue is related to the Cipher.update_into function in the cryptography package, which would accept Python objects that implement the buffer protocol but...

CVSS 9.1 · AI score 6.7 · EPSS 0.88334
Exploits: 12 · References: 142
Snyk
added 2023/02/06 9:14 a.m. · 0 views

Malicious Package

Overview: kfactionbypasser is a malicious package. It distributes Discord malware hosted on GitHub, that can steal important host information and credentials. Remediation: Avoid using all malicious instances of the kfactionbypasser package. References: Injected Code. Credit: Snyk Research Team...

CVSS 8.8 · AI score 6.7
Exploits: 0 · References: 2
Snyk
added 2023/02/06 9:14 a.m. · 1 views

Malicious Package

Overview: methantiafk is a malicious package. It distributes Discord malware hosted on GitHub, that can steal important host information and credentials. Remediation: Avoid using all malicious instances of the methantiafk package. References: Injected Code. Credit: Snyk Research Team...

CVSS 8.8 · AI score 6.7
Exploits: 0 · References: 2