Malicious Package
Overview promohline is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview @iwcp/nebula-ui is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...
Malicious Package
Overview @commercialsalesandmarketing/contact-search is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only...
Malicious Package
Overview state.aggregator is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Note: This malicious package was uncovered by one ...
Malicious Package
Overview klook-node-framework-currency is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Note: This malicious package was...
Malicious Package
Overview logquery is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Note: This malicious package was uncovered by one of Snyk'...
Malicious Package
Overview email-report is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
PT-2022-22133 · Pmb · Pmb
Name of the Vulnerable Software and Affected Versions: PMB version 7.3.10 Description: The issue allows reflected XSS via the id parameter in an lvl=author see request to "index.php". This can potentially lead to malicious script execution. Recommendations: For PMB version 7.3.10, consider...
PT-2022-20956 · Mercury · Mercury Mipc451-4
Name of the Vulnerable Software and Affected Versions: MERCURY MIPC451-4 version 1.0.22 Build 220105 Rel.55642n Description: The issue is a remote code execution (RCE) vulnerability. It can be exploited via a crafted POST request. Recommendations: For MERCURY MIPC451-4 version 1.0.22 Build 220105...
PT-2022-3015 · Adobe · Illustrator
Name of the Vulnerable Software and Affected Versions: Adobe Illustrator versions 26.0.2 and earlier Adobe Illustrator versions 25.4.5 and earlier Description: The issue is related to an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current...
PT-2022-3393 · Pypi · Request +1
Name of the Vulnerable Software and Affected Versions: keep versions prior to 1.2 Description: The issue is related to a code-execution backdoor inserted by a third party in the keep package for Python. This backdoor is associated with a malicious dependency named request. Exploitation of this...
PT-2022-20474
Name of the Vulnerable Software and Affected Versions: PJSIP versions prior to and including 2.12.1 Description: PJSIP is a free and open source multimedia communication library written in C implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. A stack buffer...
PT-2022-20309 · Xpdf +1 · Xpdf +1
Name of the Vulnerable Software and Affected Versions: xpdf version 4.04 Description: The issue arises when xpdf allocates excessive memory in response to crafted input. This can be triggered by sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE CX...
PT-2022-26316 · Unknown +1 · Mybatis Pagehelper +1
Name of the Vulnerable Software and Affected Versions: jsonlint version 1.0 MyBatis PageHelper versions 3.5.x through 5.3.x Description: The issue involves a heap-buffer-overflow in jsonlint and a time-blind SQL injection vulnerability in MyBatis PageHelper. The jsonlint vulnerability occurs via...
PT-2022-13915 · FFmpeg +3 · Ffmpeg +3
Name of the Vulnerable Software and Affected Versions: FFmpeg versions prior to 4.4.2 FFmpeg versions prior to 5.0.1 Description: An integer overflow issue was discovered in the g729_parse function located in libavcodec/g729_parser.c when handling a specially crafted file. This issue can be...
GSD-2022-1002292 ARM: davinci: da850-evm: Avoid NULL pointer dereference
ARM: davinci: da850-evm: Avoid NULL pointer dereference This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.239 by commit...
GSD-2022-1002159 ARM: davinci: da850-evm: Avoid NULL pointer dereference
ARM: davinci: da850-evm: Avoid NULL pointer dereference This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.190 by commit...
GSD-2022-1001947 ARM: davinci: da850-evm: Avoid NULL pointer dereference
ARM: davinci: da850-evm: Avoid NULL pointer dereference This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.112 by commit...
GSD-2022-1001644 ARM: davinci: da850-evm: Avoid NULL pointer dereference
ARM: davinci: da850-evm: Avoid NULL pointer dereference This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.35 by commit...
GSD-2022-1001401 powerpc/set_memory: Avoid spinlock recursion in change_page_attr()
powerpc/set_memory: Avoid spinlock recursion in change_page_attr() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.20 by commit...