
3742 matches found

Positive Technologies
added 2022/09/15 12:0 a.m. · 4 views

PT-2022-24368 · Tenda · Tenda Ac18 Wifi Router +1

Name of the Vulnerable Software and Affected Versions: Tenda AC15 WiFi Router version V15.03.05.19 multi Tenda AC18 WiFi Router version V15.03.05.19 multi Description: A buffer overflow issue was discovered via the filePath parameter at the "/goform/expandDlnaFile" API endpoint. Recommendations:...

CVSS 9.8 · AI score 9.5 · EPSS 0.00459
Exploits: 1 · References: 4

Positive Technologies
added 2022/09/14 12:0 a.m. · 2 views

PT-2022-4937 · Isc +12 · Bind +12

Name of the Vulnerable Software and Affected Versions: BIND versions prior to the fixed version Description: The issue is related to a flaw in the DNSSEC implementation of the BIND DNS server, specifically with the incorrect verification of the EdDSA cryptographic signature. This can be exploited...

CVSS 8.2 · AI score 6.2 · EPSS 0.43701
Exploits: 1 · References: 152

Snyk
added 2022/09/13 8:13 a.m. · 2 views

Malicious Package

Overview ts-petstore-client is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3

Snyk
added 2022/09/13 8:13 a.m. · 2 views

Malicious Package

Overview @iamexperiences/react-auth is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3

Snyk
added 2022/09/13 8:13 a.m. · 1 view

Malicious Package

Overview com.unity.film-internal-utilities is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3

Positive Technologies
added 2022/09/13 12:0 a.m. · 1 view

PT-2022-5109 · Adobe · Incopy

Name of the Vulnerable Software and Affected Versions: Adobe InCopy versions 17.3 and earlier Adobe InCopy versions 16.4.2 and earlier Description: The issue is related to a Heap-based Buffer Overflow that could result in arbitrary code execution in the context of the current user. Exploitation...

CVSS 7.8 · AI score 7.8 · EPSS 0.00127
Exploits: 0 · References: 5

Positive Technologies
added 2022/09/13 12:0 a.m. · 1 view

PT-2022-5233 · Adobe · Photoshop

Name of the Vulnerable Software and Affected Versions: Adobe Photoshop versions 22.5.8 and earlier Adobe Photoshop versions 23.4.2 and earlier Description: The issue is related to a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user...

CVSS 7.8 · AI score 7.6 · EPSS 0.0032
Exploits: 0 · References: 5

Positive Technologies
added 2022/09/13 12:0 a.m. · 2 views

PT-2022-5062 · Adobe · Bridge

Name of the Vulnerable Software and Affected Versions: Adobe Bridge versions 12.0.2 and earlier Adobe Bridge versions 11.1.3 and earlier Description: The issue is related to an out-of-bounds read in memory when parsing a crafted file, which could result in reading past the end of an allocated...

CVSS 7.8 · AI score 7.4 · EPSS 0.0023
Exploits: 0 · References: 4

Positive Technologies
added 2022/09/13 12:0 a.m. · 2 views

PT-2022-5048 · Adobe · Indesign

Name of the Vulnerable Software and Affected Versions: Adobe InDesign versions 16.4.2 and earlier Adobe InDesign versions 17.3 and earlier Description: The issue is related to an out-of-bounds read that could lead to disclosure of sensitive memory. An attacker could leverage this to bypass...

CVSS 5.5 · AI score 5.3 · EPSS 0.00181
Exploits: 0 · References: 4

Positive Technologies
added 2022/09/13 12:0 a.m. · 1 view

PT-2022-5081 · Adobe · Bridge

Name of the Vulnerable Software and Affected Versions: Adobe Bridge versions 12.0.2 and earlier Adobe Bridge versions 11.1.3 and earlier Description: The issue is related to an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. This...

CVSS 7.8 · AI score 7.7 · EPSS 0.00176
Exploits: 0 · References: 4

Positive Technologies
added 2022/09/09 12:0 a.m. · 5 views

PT-2022-6098 · Pdfkit · Pdfkit

Name of the Vulnerable Software and Affected Versions: pdfkit versions 0.0.0 through 0.8.7.2 Description: The issue is related to insufficient argument checking in the pdfkit library, which can be exploited by a remote attacker to execute arbitrary commands. This is a Command Injection...

CVSS 9.8 · AI score 9.6 · EPSS 0.88705
Exploits: 11 · References: 40

Snyk
added 2022/09/08 11:24 a.m. · 1 view

Malicious Package

Overview epic-ue-marketo is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3

Snyk
added 2022/09/08 11:24 a.m. · 1 view

Malicious Package

Overview mdcs-xms-core-lib is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3

Snyk
added 2022/09/08 11:24 a.m. · 2 views

Malicious Package

Overview instantsearch-electron is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3

Snyk
added 2022/09/08 11:24 a.m. · 1 view

Malicious Package

Overview dubux is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was install...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3

Snyk
added 2022/09/08 11:24 a.m. · 1 view

Malicious Package

Amendment This was deemed not a vulnerability. Overview epic-unreal-engine is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3

Snyk
added 2022/09/08 11:24 a.m. · 1 view

Malicious Package

Overview wc-skroutz-analytics is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3

Snyk
added 2022/09/08 11:24 a.m. · 1 view

Malicious Package

Overview @ay-cms/cms-web-sdk is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3

Snyk
added 2022/09/08 11:24 a.m. · 1 view

Malicious Package

Overview fleetrouting-app-backend is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3

Snyk
added 2022/09/08 11:24 a.m. · 1 view

Malicious Package

Overview integrationreddit is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3