
4200 matches found

OSSF Malicious Packages
added 2024/08/22 10:25 p.m. · 4 views

Malicious code in ttat-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 171a49cab7c7b9f2c358c0e14882706dcd80cde089799698400155ee26240e80 Collects basic information about the system, most probably a pentest or bug bounty. --- Category: PROBABLYPENTEST - Packages looking like typical pentest...

6.9 AI score
Exploits 0 · References 1
OSSF Malicious Packages
added 2024/08/22 10:25 p.m. · 5 views

Malicious code in byted-rtc-robot-api-v2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 69373c46b5c735a1890c7a3b601ef30c64493d656302703ceccd4d153e3dab11 Collects basic information about the system, most probably a pentest or bug bounty. --- Category: PROBABLYPENTEST - Packages looking like typical pentest...

6.9 AI score
Exploits 0 · References 1
NVD
added 2024/08/20 12:15 p.m. · 28 views

CVE-2024-41697

Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...

6.1 CVSS · 0.00254 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/08/20 11:48 a.m. · 18 views

CVE-2024-41697 Priority – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...

6.1 CVSS · 6.8 AI score · 0.00254 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/08/20 12:0 a.m. · 5 views

PT-2024-8008 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: PP TeleControl Server Basic versions prior to V3.1.2.1 with redundancy configured TeleControl Server Basic versions prior to V3.1.2.1 with redundancy configured Description: The affected system allows remote users to send maliciously crafted...

10 CVSS · 8.1 AI score · 0.01002 EPSS
Exploits 0 · References 15
OSV
added 2024/08/17 8:15 p.m. · 6 views

CVE-2024-7900

A vulnerability, which was classified as problematic, was found in xiaohe4966 TpMeCMS 1.3.3.2. Affected is an unknown function of the file /h.php/general/config?ref=addtabs of the component Basic Configuration Handler. The manipulation of the argument Site Name/Beian/Contact...

4.8 CVSS · 3.7 AI score
Exploits 0 · References 5
OSV
added 2024/08/07 3:15 p.m. · 3 views

CVE-2024-7581

A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit...

9.8 CVSS · 6.4 AI score · 0.01366 EPSS
Exploits 1 · References 4
CNNVD
added 2024/08/07 12:0 a.m. · 3 views

Tenda A301 Buffer Error Vulnerability

Tenda A301 is a wireless signal extender from Tenda, China. Tenda A301 suffers from a buffer overflow vulnerability that originates from the function formWifiBasicSet in /goform/WifiBasicSet; no vulnerability details are provided at this time...

9.8 CVSS · 7.5 AI score · 0.01366 EPSS
Exploits 1 · References 5
CNNVD
added 2024/08/07 12:0 a.m. · 20 views

Microsoft Windows Security Vulnerability

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows that stems from the presence of an elevation of privilege vulnerability that could allow an attacker with basic user privileges to...

7.3 CVSS · 7 AI score · 0.01678 EPSS
Exploits 0 · References 2
SUSE CVE
added 2024/08/06 2:1 a.m. · 2 views

SUSE CVE-2024-41048

In the Linux kernel, the following vulnerability has been resolved: skmsg: Skip zero length skb in sk_msg_recvmsg. When running BPF selftests ./test_progs -t sockmap_basic on a Loongarch platform, the following kernel panic occurs: ... Oops[#1]: CPU: 22 PID: 2824 Comm: test_progs Tainted: G OE 6.10.0-rc2+...

6.5 CVSS · 6.3 AI score · 0.00273 EPSS
Exploits 0 · References 16
SUSE CVE
added 2024/08/06 1:59 a.m. · 3 views

SUSE CVE-2024-42111

In the Linux kernel, the following vulnerability has been resolved: btrfs: always do the basic checks for btrfs_qgroup_inherit structure. [BUG] Syzbot reports the following regression detected by KASAN: BUG: KASAN: slab-out-of-bounds in btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277 Read of si...

6.3 CVSS · 7.6 AI score · 0.00206 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2024/08/06 12:0 a.m. · 20 views

CBL Mariner 2.0 Security Update: cert-manager / influxdb / keda / libcontainers-common / packer (CVE-2024-6104)

The version of cert-manager / influxdb / keda / libcontainers-common / packer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6104 advisory. - go-retryablehttp prior to 0.7.7 did not sanitize urls...

6 CVSS · 7 AI score · 0.00355 EPSS
Exploits 0 · References 2
OSSF Malicious Packages
added 2024/08/05 10:25 p.m. · 5 views

Malicious code in advdef01 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 44ffce32113cbe3c908fd584f4b02617cafcfecccc3cea1c4fc068021c4bfa7d Package uses the template from https://github.com/thegoodhackertv/malpip to explore building malicious PyPI packages. --- Category: MALICIOUS - The campaign ha...

7.5 AI score
Exploits 0 · References 2
Veracode
added 2024/08/05 4:53 a.m. · 13 views

Arbitrary File Deletion

org.apache.linkis, linkis-common is vulnerable to Arbitrary File Deletion. The vulnerability is due to a defect in the Basic management services component which allows a user with an administrator account to delete any file accessible by the Linkis system user...

4.9 CVSS · 6.6 AI score · 0.00737 EPSS
Exploits 0 · References 3 · Affected Software 1
Microsoft CVE
added 2024/08/05 12:0 a.m. · 4 views

CVE-2024-6104

...

6 CVSS · 6.5 AI score · 0.00355 EPSS
Exploits 0
Github Security Blog
added 2024/08/02 12:31 p.m. · 16 views

Apache Linkis vulnerable to privilege escalation

In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue...

8.8 CVSS · 6.8 AI score · 0.00664 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2024/08/02 12:31 p.m. · 14 views

GHSA-V352-RG37-5Q5M Apache Linkis vulnerable to privilege escalation

In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue...

7.1 CVSS · 8.6 AI score · 0.00664 EPSS
Exploits 0 · References 4
CVE
added 2024/08/02 9:29 a.m. · 45 views

CVE-2024-27182

CVE-2024-27182 affects Apache Linkis

4.9 CVSS · 6.5 AI score · 0.00737 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2024/08/02 9:27 a.m. · 49 views

CVE-2024-27181

CVE-2024-27181 affects Apache Linkis prior to 1.6.0. The issue is privilege escalation in the Basic management services where an attacker with a trusted account can access Linkis token information, elevating privileges. The root cause is elevation of privilege through trusted-account access to se...

8.8 CVSS · 6.5 AI score · 0.00664 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/08/02 7:16 a.m. · 2 views

DEBIAN-CVE-2024-42461

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...

9.1 CVSS · 6.7 AI score · 0.00617 EPSS
Exploits 0 · References 1