8005 matches found
Malicious code in dcapps-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f1dda6406c22ba94ba014724ba09ba61725dfcb8f77984fe08eb729add3d9e58 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11184 Malicious code in dcapps-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f1dda6406c22ba94ba014724ba09ba61725dfcb8f77984fe08eb729add3d9e58 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
aeiva (>=0.8.2.4 <=0.8.2.6), aiai-cli (>=0.1.0 <=0.1.13) +63 more potentially affected by CVE-2024-53981 via python-multipart (>=0.0.10 <=0.0.17)
python-multipart PYPI version =0.0.10, =0.8.2.4, =0.1.0, =0.0.1, =0.3.0, =0.8.26, =2.0.0, =0.3.3, =0.1.6, =0.1.23, =0.0.10, =0.11.6, =0.2.0, =2024.10.0, =0.0.0a10, =0.0.0a11 - fastapi-users =14.0.0 and more Source cves: CVE-2024-53981 Source advisory: OSV:GHSA-59G5-XGCQ-4QW3...
GO-2024-3296 Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli...
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability
Impact: Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. Patches: We are currently working on a patch that will be released when ready. Workarounds: This doesn't affect the standa...
CVE-2024-53848
check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attack...
CVE-2024-53848
The CVE-2024-53848 issue affects the check-jsonschema tool (and related advisories) where the default caching uses the remote schema basename (e.g., https://example.org/schema.json) as the cache filename. This can allow a malicious schema URL to overwrite or be substituted in the cache leading to...
CVE-2024-52800 Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality...
CVE-2024-52800
The CVE-2024-52800 issue affects veraPDF: when executing policy checks via the CLI using custom Schematron-based policy files, an XSL transformation may enable a remote code execution (RCE) or XXE-type vector. The vulnerability concerns the policy-check workflow (policy profiles with user-provide...
AZL-53801 CVE-2024-36623 affecting package moby-cli for versions less than 24.0.9-6
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes...
AZL-53827 CVE-2024-36623 affecting package docker-cli for versions less than 25.0.3-3
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes...
CVE-2024-11013
Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows an attacker to inject arbitrary CLI commands to be executed on the device via the management...
PT-2024-9531
Name of the Vulnerable Software and Affected Versions: GitHub CLI versions prior to 2.63.1. Description: A security issue has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run...
Mageia: Security Advisory (MGASA-2024-0375)
The remote host is missing an update for the... (SPDX-FileCopyrightText: 2024 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only)
Ubuntu: Security Advisory (USN-7130-1)
The remote host is missing an update for the... (SPDX-FileCopyrightText: 2024 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only)
CVE-2024-53858
The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...
AZL-53759 CVE-2024-53858 affecting package gh for versions less than 2.13.0-24
The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...
AZL-53477 CVE-2024-53858 affecting package gh for versions less than 2.62.0-5
The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...
DEBIAN-CVE-2024-53858
The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...
UBUNTU-CVE-2024-53858
The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...