
3742 matches found

Snyk
added 2021/07/29 8:57 a.m. · 1 view

Malicious Package

Overview: acookie is a malicious package. It uses a preinstall script to steal environment variables. Remediation: Avoid using all malicious instances of the acookie package. Credit: Snyk Research...

CVSS 9.8 · AI score 6.8
Exploits 0 · References 2
Positive Technologies
added 2021/07/13 12:0 a.m. · 2 views

PT-2021-6956 · Microsoft · 365 +3

Name of the Vulnerable Software and Affected Versions: Microsoft Excel (affected versions not specified); Microsoft 365 (affected versions not specified); Microsoft Office (affected versions not specified); Microsoft Office Online Server (affected versions not specified). Description: The issue is related to...

CVSS 8.8 · AI score 8 · EPSS 0.09094
Exploits 0 · References 9
OSV
added 2021/05/31 3:39 p.m. · 11 views

UVI-2021-1000175 ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure

ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.118 by commit...

AI score 7.2
Exploits 0
Positive Technologies
added 2021/05/26 12:0 a.m. · 2 views

PT-2021-18745 · Podofo +4

Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.9.7. Description: A flaw was found in the PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp, which can lead to a stack overflow due to an uncontrolled recursive call. Recommendations: For PoDoFo version...

CVSS 8.8 · AI score 6.9 · EPSS 0.05842
Exploits 15 · References 68
Positive Technologies
added 2021/05/26 12:0 a.m. · 2 views

PT-2021-18746 · Podofo +2

Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.9.7. Description: A flaw was found in the PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp, which allows for a stack-based buffer overflow due to an improper check of the keyLength value. Recommendations: For PoDo...

CVSS 7.8 · AI score 5.8 · EPSS 0.00193
Exploits 4 · References 22
Oracle Linux
added 2021/05/25 12:0 a.m. · 42 views

opensc security, bug fix, and enhancement update

0.20.0-4 - Use file cache by default 1892810 - Avoid calloc with 0 argument 1895401 0.20.0-3 - Support PIN change for HID Alt tokens 1830901 - Fix CVE-2020-26570, CVE-2020-26571 and CVE-2020-26572 - Fix right padding of token labels of some cards 1877973...

CVSS 5.5 · AI score 0.1 · EPSS 0.00051
Exploits 0
Snyk
added 2021/05/24 7:53 p.m. · 1 view

Malicious Package

Overview: npmkoopxxxz is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

CVSS 9.8 · AI score 5.4
Exploits 0 · References 2
Snyk
added 2021/05/24 7:53 p.m. · 4 views

Malicious Package

Overview: e39testing is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 · AI score 5.4
Exploits 0 · References 2
Snyk
added 2021/05/24 7:53 p.m. · 1 view

Malicious Package

Overview: @cawraytestorg/packagetest2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 · AI score 5.4
Exploits 0 · References 2
Snyk
added 2021/05/24 7:53 p.m. · 1 view

Malicious Package

Overview: hardhat-cookie is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 · AI score 5.4
Exploits 0 · References 2
Snyk
added 2021/05/24 7:53 p.m. · 2 views

Malicious Package

Overview: sap-authorize is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 · AI score 5.4
Exploits 0 · References 2
Snyk
added 2021/05/24 7:53 p.m. · 3 views

Malicious Package

Overview: e39test is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 · AI score 5.4
Exploits 0 · References 2
Snyk
added 2021/05/24 7:53 p.m. · 0 views

Malicious Package

Overview: duckc2-v5.5.5 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 · AI score 5.4
Exploits 0 · References 2
Snyk
added 2021/05/24 7:53 p.m. · 1 view

Malicious Package

Overview: string-easy-assistant is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 · AI score 5.4
Exploits 0 · References 2
Positive Technologies
added 2021/04/23 12:0 a.m. · 2 views

PT-2021-7920 · Exiv2 +9

Name of the Vulnerable Software and Affected Versions: Exiv2 versions v0.27.3 and earlier. Description: The issue is related to an out-of-bounds read in Exiv2, which can be triggered when the utility is used to write metadata into a crafted image file. This could potentially allow an attacker to...

CVSS 7.8 · AI score 5.8 · EPSS 0.01509
Exploits 12 · References 220
Japan Vulnerability Notes
added 2021/04/22 7:33 a.m. · 2 views

yappa-ng vulnerable to cross-site scripting

Overview: yappa-ng provided by yet another PHP photo album next generation (according to the original report submitted by the reporter) is a PHP photo gallery. yappa-ng contains a cross-site scripting vulnerability (CWE-79) which allows unintentional script execution on the user's web browser. During...

CVSS 6.1 · AI score 6.3 · EPSS 0.01732
Exploits 1 · References 4
Positive Technologies
added 2021/04/22 12:0 a.m. · 1 view

PT-2021-2690 · Openvpn +5

Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.5.1 and earlier. Description: The issue allows a remote attacker to bypass authentication and access control channel data on servers configured with deferred authentication. This can potentially be used to trigger further...

CVSS 9.8 · AI score 7.8 · EPSS 0.04479
Exploits 4 · References 83
Gitee
added 2021/04/14 9:13 a.m. · 3 views

CTF-All-In-One

This is a comprehensive guide to CTF (Capture The Flag) competitions, specifically focusing on the Pwn (binary exploitation) aspect. The book is written by Yang Chao, a member of L-Team, and is intended for beginners. It covers the basics of binary exploitation, including memory management, buffer...

AI score 7.8
Exploits 0
Positive Technologies
added 2021/04/12 12:0 a.m. · 1 view

PT-2021-7867 · Libraw +8

Name of the Vulnerable Software and Affected Versions: LibRaw version 0.20.0. Description: The issue is related to a buffer overflow in the LibRaw buffer datastream::gets function, located in the libraw datastream.cpp component of the LibRaw image processing library. This allows an attacker to...

CVSS 7.8 · AI score 6.8 · EPSS 0.00246
Exploits 5 · References 102
Positive Technologies
added 2021/04/11 12:0 a.m. · 3 views

PT-2021-17972 · Rust +6

Name of the Vulnerable Software and Affected Versions: Rust versions prior to 1.52.0. Description: The issue is related to a panic safety problem in the Zip implementation of the Rust standard library. It occurs when the underlying iterator panics under certain conditions, causing iterator get...

CVSS 9.8 · AI score 6.8 · EPSS 0.011
Exploits 7 · References 66