67 matches found
EUVD-2016-7543
Malware in sbrugna...
EUVD-2016-0746
Malware in sbrugna...
EUVD-2017-14086
Malware in sbrugna...
EUVD-2018-11890
Malware in sbrugna...
EUVD-2015-5307
Malware in sbrugna...
EUVD-2016-0742
Malware in sbrugna...
EUVD-2022-45051
Malicious code in bioql PyPI...
MAL-2025-6296 Malicious code in node-buildpack-test-app (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 853e825cb3a7ee79b6c801ac036e895ab6ef780891a544abe6b9f5c54bdc33b9 The OpenSSF Package Analysis project identified...
Malicious code in node-buildpack-test-app (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 853e825cb3a7ee79b6c801ac036e895ab6ef780891a544abe6b9f5c54bdc33b9 The OpenSSF Package Analysis project identified...
CVE-2022-41939
knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious lifecycle container. This issues has bee...
Azure Spring Apps Enterprise – More Power, Scalability & Extended Spring Boot Support
Can you believe Spring is celebrating its 20th anniversary this year? We could not have gotten here without our millions of Spring developers across the globe, thank you! Spring has been an essential tool for Java developers, and it continues to grow and innovate at a fast pace. From the onset,...
Malicious Package
Overview node-buildpack-test-app is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
CVE-2022-41939
knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious lifecycle container. This issues has bee...
Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45105 ) impact on Cloud Foundry Products | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Description A critical vulnerability in Apache Log4j identified by CVE-2021-44228 has been publicly disclosed . Log4j versions prior to 2.15.0 are subject to a remote code execution vulnerability via the ldap JNDI parser and may allow for remote...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Workaround for CVE-2021-44228 Log4j RCE exploit as a buildpa...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud
Summary Node.js 16-Nov-2020 Security releases available Vulnerability Details CVEID: CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could exploit this vulnerability to trigg...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud
Summary Node.js Update 15-Sept-2020 Security releases available Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerabili...
Security Bulletin: A Node.js npm CLI module vulnerability affects IBM® SDK for Node.js™ in IBM Cloud (CVE-2020-15095)
Summary There is a vulnerability which could allow a local attacker to obtain sensitive information in the Node.js npm CLI module that is used in IBM® SDK for Node.js™ in IBM Cloud. Vulnerability Details CVEID: CVE-2020-15095 DESCRIPTION: Node.js npm CLI module could allow a local attacker to...
Security Bulletin: OpenSSL vulnerability affects IBM® SDK for Node.js™ in IBM Cloud
Summary OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. Vulnerability Details CVEID: CVE-2019-1551 DESCRIPTION: OpenSSL could allow a remote attacker to obtain...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud
Summary Node.js Update 6-February-2020 Security releases available Vulnerability Details CVEID: CVE-2019-15605 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attacker...