
11 matches found

OSV
added 2026/03/20 1:28 a.m., 4 views

MAL-2026-1934 Malicious code in big-nunber (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f23ede1c7b10923f9db48acb43cc160860b18e8be59b8bd2a26109ac8495ddd0 The package big-nunber was found to contain malicious code. Source: ghsa-malware af922fdcf3519d03326fd29435ab7bb179a1505a9082641e92a2f77f98332974 Any...

5.7 AI score
Exploits 0, References 1
Snyk
added 2026/03/02 3:46 p.m., 0 views

Malicious Package

Overview: ts-big-number is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.9 AI score
Exploits 0, References 2
OSV
added 2026/03/02 3:46 p.m., 2 views

MAL-2026-1134 Malicious code in ts-big-number (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 644a6ea1bec80a1e6f2dd3ee69a62602237f916e6b2877e126e18d8ef5b7f691 The package ts-big-number was found to contain malicious code. Source: ghsa-malware 490d5033b9169ec80de58a0c2bb8bdbfe435f06200e0b7cc729ce393f2449d40...

5.7 AI score
Exploits 0, References 1
OSSF Malicious Packages
added 2026/03/02 3:46 p.m., 6 views

Malicious code in ts-big-number (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 644a6ea1bec80a1e6f2dd3ee69a62602237f916e6b2877e126e18d8ef5b7f691 The package ts-big-number was found to contain malicious code. Source: ghsa-malware 490d5033b9169ec80de58a0c2bb8bdbfe435f06200e0b7cc729ce393f2449d40...

5.7 AI score
Exploits 0, References 1
CNNVD
added 2026/02/20 12:0 a.m., 5 views

bn.js security vulnerability

bn.js is a large number processing library developed by Fedor Indutny. Versions of bn.js prior to 5.2.3 contained security vulnerabilities. These vulnerabilities stemmed from calling maskn(0) on any BN instance, which could corrupt internal state. This allowed methods like toString and divmod to...

6.9 CVSS, 5.8 AI score, 0.00022 EPSS
Exploits 0, References 6
Snyk
added 2026/02/08 3:1 p.m., 1 views

Infinite loop

Overview: Affected versions of this package are vulnerable to Infinite loop. Calling maskn(0) on any BN instance corrupts the internal state, causing toString, divmod, and other methods to enter an infinite loop, hanging the process indefinitely. PoC (javascript): const BN = require('bn.js'); // any...

6.9 CVSS, 5.5 AI score, 0.00022 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/12/03 12:0 a.m., 3 views

RockyLinux 8 : container-tools:4.0 (RLSA-2023:2802)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2802 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-196...

7.5 CVSS, 7.1 AI score, 0.00331 EPSS
Exploits 5, References 29
OSV
added 2024/04/11 6:30 a.m., 0 views

GHSA-FPW7-J2HG-69V5 mysql2 Remote Code Execution (RCE) via the readCodeFor function

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values...

9.8 CVSS, 6 AI score, 0.46188 EPSS
Exploits 0, References 8
Snyk
added 2024/04/07 4:57 p.m., 1 views

Remote Code Execution (RCE)

Overview: mysql2 is mostly API compatible with mysqljs and supports the majority of features. Affected versions of this package are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. PoC js sql:SELECT...

9.8 CVSS, 7.4 AI score, 0.46188 EPSS
Exploits 0, References 2
Microsoft CVE
added 2022/02/17 8:0 a.m., 2 views

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

...

7.8 CVSS, 8.6 AI score, 0.00038 EPSS
Exploits 0
BDU FSTEC
added 2016/03/17 12:0 a.m., 1 views

Vulnerabilities in the OpenSSL library, which allow a hacker to trigger a service failure or cause other adverse effects

The multiple vulnerabilities in the OpenSSL library are caused by a numerical overflow. Exploitation of these vulnerabilities could allow an attacker to trigger a service failure (memory corruption) or cause other effects through a long string of digits, leading to incorrect processing in functions...

5 CVSS, 0.36537 EPSS
Exploits 1, References 3, Affected Software 1