USN-5473-2 ca-certificates update
USN-5473-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.50 version of the Mozilla...
Malicious code in swiper-bundle (npm)
Source: ghsa-malware b97df99e38008c85b965c6dbc9277f1c08a98288578d244c25a5eb8d2d853d5c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6377 Malicious code in swiper-bundle (npm)
Source: ghsa-malware b97df99e38008c85b965c6dbc9277f1c08a98288578d244c25a5eb8d2d853d5c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
biz.netcentric.cq.tools.accesscontroltool:accesscontroltool-bundle (>=3.6.0 <=4.2.1), biz.netcentric.cq.tools.accesscontroltool:maximum-environment (>=2.5.4 <=3.6.2) +440 more potentially affected by CVE-2022-32549 via org.apache.sling:org.apache.sling.api (>=2.0.2-incubator <=2.25.0)
org.apache.sling:org.apache.sling.api MAVEN version =2.0.2-incubator, =3.6.0, =2.5.4, =3.0.0, =4.2.0, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =2012.12.01, =2012.12.01, =0.0.4, =4.0.4 - com.adobe.aem:aem-sdk-api =2020.6.3800.20200626T210738Z-200604 - com.adobe.commerce.cif:core-cif-components-it-http =1.2...
CVE-2022-2068
creationtimestamp | type | source
---|---|---
2022-06-21 16:50:50+00:00 | seen | https://t.me/antichat/9887
2025-01-26 09:43:06+00:00 | published-proof-of-concept | Telegram/6MjhSnJNjnU7ZuaxfNMF1kI6EhfOaDQaVfpRiMhlDYDzF4
2025-02-14 16:37:45+00:00 | seen | ...
Malicious code in loblaws-mkt-bundle (npm)
Source: ghsa-malware ea14e6341d6cce727bc70b18f296d4597f68f72df8956aad5e7fe6adb92ff6f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4350 Malicious code in loblaws-mkt-bundle (npm)
Source: ghsa-malware ea14e6341d6cce727bc70b18f296d4597f68f72df8956aad5e7fe6adb92ff6f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2561 Malicious code in domestic-market-bundle (npm)
Source: ghsa-malware da471213bbf63b13a1bc234f22ce43ce95a7b3e1e195a2af6487c525e75b9b4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in domestic-market-bundle (npm)
Source: ghsa-malware da471213bbf63b13a1bc234f22ce43ce95a7b3e1e195a2af6487c525e75b9b4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mailru-toolkit-lego-bundle (npm)
Source: ghsa-malware 5ad7f34dc30e8c7b2d7ac5ce792161ffaa94305473c6cbfc016f30ff1d89916b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4459 Malicious code in mailru-toolkit-lego-bundle (npm)
Source: ghsa-malware 5ad7f34dc30e8c7b2d7ac5ce792161ffaa94305473c6cbfc016f30ff1d89916b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in odesk.bpa-tsf-calc-bundle (npm)
Source: ghsa-malware 913d44e6393e1a341f574267f3a31fb22effca6602c910ed05a2274faf14437a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5022 Malicious code in odesk.bpa-tsf-calc-bundle (npm)
Source: ghsa-malware 913d44e6393e1a341f574267f3a31fb22effca6602c910ed05a2274faf14437a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE-FU-2022:2135-1 Feature update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Make sure SaltCacheLoader use correct fileclient bsc1199149 - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9...
SUSE-FU-2022:2042-1 Feature update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Make sure SaltCacheLoader use correct fileclient bsc1199149 - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9...
USN-5473-1 ca-certificates update
The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.50 version of the Mozilla certificate authority bundle...
GHSA-2CXG-448H-4WXJ Jenkins Support Core Plugin allowed users with Overall/Read permission to delete arbitrary files
Jenkins Support Core Plugin did not validate the paths submitted for the "Delete Support Bundles" feature. This allowed users to delete arbitrary files on the Jenkins controller file system accessible to the OS user account running Jenkins. Additionally, this endpoint did not perform a permission...
GHSA-342C-F869-5M44 Apache Sling POST Servlets Denial of Service Vulnerability
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request...
net.adamcin.recap:net.adamcin.recap.addressbook (>=0.8.0 <=1.0.1), net.adamcin.recap:net.adamcin.recap.core (>=0.8.0 <=1.0.1) +16 more potentially affected by CVE-2016-6801 via org.apache.jackrabbit:jackrabbit-webdav (>=2.4.0 <=2.4.5)
org.apache.jackrabbit:jackrabbit-webdav MAVEN version =2.4.0, =0.8.0, =0.8.0, =0.8.0, =0.8.0, =0.8.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =1.1.0, =2.1.2, =5.12.0, =5.11.0, =5.12.2 and more Source cves: CVE-2016-6801 Source advisory: OSV:GHSA-9FC7-RHQ3-WM7X...
GHSA-PW5C-XQF2-6XC2 Doctrine Security Misconfiguration Vulnerability
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local...