
8014 matches found

OSSF Malicious Packages
added 2024/01/02 3:24 a.m. · 4 views

Malicious code in @authentication-pages/vue-cli-prebuild (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3c92ef13745278b15d59dfa706f96df5f1c3bb0261c9471d3e56eaa1449059e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1
OSV
added 2024/01/02 3:24 a.m. · 9 views

MAL-2024-8 Malicious code in @authentication-pages/vue-cli-prebuild (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3c92ef13745278b15d59dfa706f96df5f1c3bb0261c9471d3e56eaa1449059e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
NVD
added 2023/12/28 4:16 p.m. · 19 views

CVE-2023-52081

ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function lookupPreprocess is meant to apply some transformations to a string by disabling characters in the regex - .. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypa...

5.3 CVSS · 0.00522 EPSS
Exploits 1 · References 2
Cvelist
added 2023/12/28 3:34 p.m. · 29 views

CVE-2023-52081 ewen-lbh/ffcss late-Unicode normalization vulnerability

ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function lookupPreprocess is meant to apply some transformations to a string by disabling characters in the regex - .. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypa...

5.3 CVSS · 5.4 AI score · 0.00522 EPSS
Exploits 1 · References 2
CVE
added 2023/12/28 3:34 p.m. · 41 views

CVE-2023-52081

ffcss (the Firefox CSS themes CLI) before version 0.2.0 contains a vulnerability in lookupPreprocess() where late Unicode normalization (NFKD) can bypass the intended regex filter and reintroduce characters like _ and ., allowing relaxed theme searches. The security impact is described as low and...

5.3 CVSS · 5.1 AI score · 0.00522 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2023/12/28 3:34 p.m. · 22 views

CVE-2023-52081 ewen-lbh/ffcss late-Unicode normalization vulnerability

ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function lookupPreprocess is meant to apply some transformations to a string by disabling characters in the regex - .. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypa...

5.3 CVSS · 5.1 AI score · 0.00522 EPSS
Exploits 1 · References 4
OSV
added 2023/12/18 4:15 p.m. · 5 views

AZL-34589 CVE-2023-48795 affecting package cf-cli for versions less than 8.7.11-1

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

5.9 CVSS · 6.7 AI score · 0.94072 EPSS
Exploits 4 · References 1
OSV
added 2023/12/18 4:15 p.m. · 7 views

AZL-32223 CVE-2023-48795 affecting package moby-cli for versions less than 20.10.27-2

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

5.9 CVSS · 6.7 AI score · 0.94072 EPSS
Exploits 4 · References 1
vulnersOsv
added 2023/12/18 12:0 p.m. · 2 views

at51 (>=0.1.1 <=0.4.1), atrac3p-decoder (>=0.1.0 <=0.1.2) +51 more potentially affected by CVE-2023-53156 via transpose (=0.1.0)

transpose CARGO version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on transpose and may be impacted: - at51 =0.1.1, =0.1.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =2.6.2, =0.6.0, =0.1.0, =0.1.0, =0.1.1 and more Source...

5.3 CVSS · 5.8 AI score · 0.00279 EPSS
Exploits 0
Wordfence Blog
added 2023/12/14 9:44 p.m. · 19 views

Wordfence CLI 2.1.0 Adds Email Capability and Unattended Configuration

Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, like a firewall,...

7.4 AI score
Exploits 0
Prion
added 2023/12/14 4:15 p.m. · 19 views

Command injection

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a...

4 CVSS · 7.2 AI score · 0.00616 EPSS
Exploits 0 · References 1 · Affected Software 5
Prion
added 2023/12/14 4:15 p.m. · 15 views

Command injection

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the...

5.8 CVSS · 7.9 AI score · 0.01778 EPSS
Exploits 0 · References 1 · Affected Software 5
Vulnrichment
added 2023/12/14 3:22 p.m. · 9 views

CVE-2023-44279

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a...

6.7 CVSS · 7 AI score · 0.00616 EPSS
Exploits 0 · References 1
Cvelist
added 2023/12/14 3:22 p.m. · 11 views

CVE-2023-44279

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a...

6.7 CVSS · 6.5 AI score · 0.00616 EPSS
Exploits 0 · References 1
Prion
added 2023/12/14 3:15 p.m. · 24 views

Command injection

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's...

4.3 CVSS · 7.7 AI score · 0.006 EPSS
Exploits 0 · References 1 · Affected Software 5
Positive Technologies
added 2023/12/14 12:0 a.m. · 4 views

PT-2023-29184 · Dell · Dell Powerprotect Dd

Name of the Vulnerable Software and Affected Versions: Dell PowerProtect DD versions prior to 7.13.0.10 Dell PowerProtect DD LTS versions prior to 7.7.5.25 Dell PowerProtect DD LTS versions prior to 7.10.1.15 Dell PowerProtect DD version 6.2.1.110 Description: The issue concerns an OS command...

7.8 CVSS · 7.9 AI score · 0.006 EPSS
Exploits 0 · References 6
CNNVD
added 2023/12/14 12:0 a.m. · 2 views

Dell PowerProtect Data Domain Operating System Command Injection Vulnerability

Dell PowerProtect Data Domain Dell PowerProtect DD is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. A command execution vulnerability exists in Dell PowerProtect Data Domain that stems from a failure to properly filter construct command...

6.7 CVSS · 6.9 AI score · 0.00616 EPSS
Exploits 0 · References 2
Cvelist
added 2023/12/13 6:39 a.m. · 36 views

CVE-2022-27488

A cross-site request forgery CSRF in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2,...

8.3 CVSS · 9.1 AI score · 0.00491 EPSS
Exploits 0 · References 1
CNNVD
added 2023/12/13 12:0 a.m. · 7 views

Fortinet FortiVoice Security Vulnerability

Fortinet FortiSwitch and others are products of Fortinet, Inc. FortiSwitch is a switch product and Fortinet FortiVoice is a product of tine and others are products of tine, Inc. tine is a team collaboration software. A security vulnerability exists in Fortinet FortiVoiceEnterprise, FortiSwitch,...

8.8 CVSS · 7 AI score · 0.00491 EPSS
Exploits 0 · References 2
OSV
added 2023/12/12 6:15 p.m. · 22 views

CVE-2023-43364

main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution...

9.8 CVSS · 7.3 AI score
Exploits 0 · References 5