Malicious Package

Overview testing-package-bose is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in testing-package-bose (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf9cef522b7a8b6ce59335bbac80dcc488adedcd397bbc6b1e12816b4c54d170 The package testing-package-bose was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-3511

Malicious code in testing-package-bose npm...

MAL-2026-366 Malicious code in testing-package-bose (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf9cef522b7a8b6ce59335bbac80dcc488adedcd397bbc6b1e12816b4c54d170 The package testing-package-bose was found to contain malicious code. Source: ghsa-malware...

EUVD-2017-15576

Malware in sbrugna...

EUVD-2017-8902

Malware in sbrugna...

EUVD-2017-8903

Malware in sbrugna...

EUVD-2018-4594

Malware in sbrugna...

EUVD-2017-8901

Malware in sbrugna...

CVE-2018-12638

An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app...

SUSE CVE-2017-6520

The Multicast DNS mDNS responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service traffic amplification or obtain potentially sensitive information via port-5353 UDP...

Audio equipment giant Bose hit by ransomware attack, data breach

By Deeba Ahmed The audio equipment manufacturer Bose has confirmed that it was a victim of a ransomware attack and experience a data breach on 7 March 2021. This is a post from HackRead.com Read the original post: Audio equipment giant Bose hit by ransomware attack, data breach...

Bose Admits Ransomware Hit: Employee Data Accessed

High-end audio-tech specialist Bose has disclosed a ransomware attack, which it said rippled “across Bose’s environment” and resulted in the possible exfiltration of employee data. The incident began on March 7, according to a disclosure letter sent to the Attorney General’s Office in New...

comune.pavia.it Cross Site Scripting vulnerability OBB-1431249

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

CVE-2018-12638

An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app...

CVE-2018-12638

An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app...

Input validation

An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app...

CVE-2018-12638

An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app...

CVE-2018-12638

The CVE-2018-12638 entry concerns Bose Soundtouch for iOS version 18.1.4 where there is no frontend input validation of the device name. The underlying cause is reflected in multiple sources as a Cross‑Site Scripting risk: a malicious device name can cause JavaScript to execute in the registered ...

CentOS 6 : ding-libs / sssd (CESA-2018:1877)

An update for sssd and ding-libs is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...