127 matches found
Malicious code in @things-factory/email-base (npm)
Suspicious postinstall script executes bundle.js which contains code flagged by YARA rule unsignedbitwisemathexcess, indicating malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6cdc3773013abc63a59090ab3b457bc1e047f7a294edd5f35e6ce43840fc0520 Any computer tha...
MAL-2025-47228 Malicious code in remark-preset-lint-crowdstrike (npm)
Suspicious postinstall script executes a file with excessive bitwise math. Likely malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 165b629be2876c01b20135bbf391a92b4ae66e6645b8f390bcbb5373f8d43c5b Any computer that has this package installed or running should...
Malicious code in eslint-config-crowdstrike (npm)
Suspicious postinstall script executing bundle.js combined with unsignedbitwisemathexcess YARA rule match indicates potential malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d5700b3786b16cd76be2c86bc19af1fd76ac0dbfa6bb16f29e3837fc94598b75 Any computer that...
Malicious code in eslint-config-crowdstrike-node (npm)
Suspicious postinstall script executing bundle.js with excessive bitwise math indicates malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40d780d93001ede85edbf1e9b83f884f84ab20fc210cd34a95b114599c01387a Any computer that has this package installed ...
MAL-2025-47227 Malicious code in eslint-config-crowdstrike-node (npm)
Suspicious postinstall script executing bundle.js with excessive bitwise math indicates malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40d780d93001ede85edbf1e9b83f884f84ab20fc210cd34a95b114599c01387a Any computer that has this package installed ...
MAL-2025-47218 Malicious code in @crowdstrike/logscale-parser-edit (npm)
Suspicious postinstall script executing bundle.js and bundle.js contains excessive unsigned bitwise math, indicating potential malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff5e2fca0afc744f9b2cec20ddf740574c42864336447119ed7715555896bde9 Any computer that...
Linux Distros Unpatched Vulnerability : CVE-2021-3490
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The eBPF ALU32 bounds tracking for bitwise ops AND, OR and XOR in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of boun...
Incorrect Bitwise Shift of Integer
Overview Affected versions of this package are vulnerable to Incorrect Bitwise Shift of Integer through the ochufftreeunpack function. Remediation There is no fixed version for theora. References - PoC - Red Hat Bugzilla Bug - Vulnerable Code...
ROS-20240927-05
Vulnerability in the afunix component's unixreleasesock/unixstreamsendmsg function is related to concurrent access to a resource (race condition). Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the drivers/media/test-drivers/vidtv/vidtvpsi...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from Bitwise shifts being out of range for its data type...
LaborOfficeFree 19.10 - MySQL Root Password Calculator Exploit
Exploit Title: LaborOfficeFree 19.10 MySQL Root Password Calculator - CVE-2024-1346 Exploit Author: Peter Gabaldon - https://pgj11.com/ Vendor Homepage: https://www.laborofficefree.com/ Software Link: https://www.laborofficefree.com/plans Version: 19.10 Tested on: Windows 10 CVE : CVE-2024-1346...
CVE-2021-46974
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix masking negation logic upon negative dst register The negation logic for the case where the offreg is sitting in the dst register is not correct given then we cannot just invert the add to a sub or vice versa. As a fix,...
Incorrect functionID will not trigger fallback
Lines of code Vulnerability details Impact When encoding a payload for settlement of multiple tokens, the fallback flag is not set when it should be. This will cause no fallback to be triggered even though the user has paid enough to cover the additional costs that are required. Proof of Concept ...
PYSEC-2023-167
Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...
CVE-2023-40015 Vyper: reversed order of side effects for some operations
Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...
Incorrect Bitwise Shift Operation in _validateCall Function
Lines of code Vulnerability details Impact Let's break down this part of the function: if returnedData.length 32 || bytes28bytes32returnedData 32 != bytes280 revert LSP20InvalidMagicValuepostCall, returnedData; This if statement is intended to do two things, as indicated by the two conditions...
EulerOS Virtualization 2.11.0 : multipath-tools (EulerOS-SA-2023-2098)
According to the versions of the multipath-tools packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction...
EulerOS Virtualization 2.11.1 : multipath-tools (EulerOS-SA-2023-2046)
According to the versions of the multipath-tools packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction...
EulerOS Virtualization 2.10.1 : multipath-tools (EulerOS-SA-2023-1894)
According to the versions of the multipath-tools packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction...