Malicious Package
Overview ldtzstxwzpntxqn is a malicious package. A copy-paste of the legitimate package npmi, used by the malicious package gxm-reference-web-auth-server and maintained by the same malicious actor. See gxm-reference-web-auth-server advisory for more information:...
Malicious Package
Overview gctor-storage is a malicious package. The package enumerates and exfiltrates sensitive information from the host machine. Remediation Avoid using all malicious instances of the gctor-storage package. Credit: Snyk Research Team...
SUSE-SU-2022:1108-1 Security update for util-linux
This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high-load situations with time-based version 1 UUIDs. bsc1194642 - Prevent root owning of /var/lib/libuuid/clock.txt. bsc1194642 - Warn if the uuidd lock state is not usable. bsc1194642...
PT-2022-5670 · Ckeditor4 +1 · Ckeditor4 +1
Name of the Vulnerable Software and Affected Versions: CKEditor4 versions prior to 4.18.0 Description: The issue is related to the dialog plugin in CKEditor4, which contains a vulnerability allowing abuse of a dialog input validator regular expression. This can cause a significant performance dro...
PT-2022-3854 · Totolink · Totolink A3100R +5
Name of the Vulnerable Software and Affected Versions: TOTOLINK A800R version 4.1.2cu.5137 B20200730 TOTOLINK A810R version 4.1.2cu.5182 B20201026 TOTOLINK A830R version 5.9c.4729 B20191112 TOTOLINK A3000RU version 5.9c.5185 B20201128 TOTOLINK A3100R version 4.1.2cu.5050 B20200504 TOTOLINK A950RG...
CVE-2022-24762
sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in...
PT-2022-16863
Name of the Vulnerable Software and Affected Versions sysend.js versions prior to 1.10.0 Description The issue affects users who use cross-origin communication, potentially allowing their communications to be intercepted. However, the impact is limited because the communication occurs within the...
GSD-2022-1000428 net: dsa: mv88e6xxx: don't use devres for mdiobus
net: dsa: mv88e6xxx: don't use devres for mdiobus This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.24 by commit...
GSD-2022-1000424 misc: fastrpc: avoid double fput() on failed usercopy
misc: fastrpc: avoid double fput on failed usercopy This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.24 by commit...
PT-2022-1945 · Tp Link · Tp-Link Tl-Wr840N
Name of the Vulnerable Software and Affected Versions: TP-LINK TL-WR840NES version V6.20 180709 Description: The issue is related to a remote code execution vulnerability via the function oal wan6 setIpAddr. This vulnerability is associated with the lack of neutralization of special elements when...
PT-2022-7080 · Unknown · Microweber
Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 1.2.11 Description: The issue exists due to inadequate protection of the web page structure, allowing a remote attacker to conduct a cross-site scripting (XSS) attack. This is a reflected XSS vulnerabilit...
zeitarbeit-jobs-sachsen.de Cross Site Scripting vulnerability OBB-2326152
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2025-8462
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the version that includes the fix for the null pointer dereference issue in the drm/amdgpu/pm module. Description A null pointer dereference issue has been identified in the Linux kernel, specifically in the...
Malicious Package
Overview mattermost-mobile-e2e is a malicious package. This package contained malicious code and was removed from the registry by the npm security team. Remediation Avoid using all malicious instances of the mattermost-mobile-e2e package...
Malicious Package
Overview mattermost-mobile is a malicious package. This package contained malicious code and was removed from the registry by the npm security team. Remediation Avoid using all malicious instances of the mattermost-mobile package...
PT-2022-11995 · Spip +2 · Spip +2
Name of the Vulnerable Software and Affected Versions: SPIP version 4.0.0 Description: The issue concerns a cross-site scripting (XSS) vulnerability in the ecrire/public/interfaces.php file, specifically affecting the "Who are you" and "Website Name" fields. An editor can modify their personal...
GSD-2021-1002539 arm64: uaccess: avoid blocking within critical sections
arm64: uaccess: avoid blocking within critical sections This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.6 by commit...
PT-2021-5967 · Adobe · Premiere Pro
Name of the Vulnerable Software and Affected Versions: Adobe Premiere Pro versions 22.0 and earlier and 15.4.2 and earlier Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to...
PT-2021-5970 · Adobe · After Effects
Name of the Vulnerable Software and Affected Versions: Adobe After Effects versions 22.0 and earlier Adobe After Effects versions 18.4.2 and earlier Description: The issue is related to an out-of-bounds read vulnerability in Adobe After Effects, which could lead to disclosure of sensitive memory...
Malicious Package
Overview discordjs-lofy is a malicious package. This package injects malicious JavaScript code into the Discord client. Remediation Avoid using all malicious instances of the discordjs-lofy package...