21 matches found
Drawing the LINE: Cryptographic Analysis and Security Improvements for the LINE E2EE Protocol
LINE has emerged as one of the most popular communication platforms in many East Asian countries, including Thailand and Japan, with millions of active users. Therefore, it is essential to understand its security guarantees. In this work, we present the first provable security analysis of the LIN...
GHSA-8X3W-QJ7J-GQHF openmls has improper tag validation
Membership and confirmation tags may not be checked correctly due to a missing length check. Any tag that is shorter than the expected tag, but matches up to its length, as well as any empty tag is considered valid. Impact The vulnerability affects a secondary authentication guarantee that MLS...
openmls has improper tag validation
Membership and confirmation tags may not be checked correctly due to a missing length check. Any tag that is shorter than the expected tag, but matches up to its length, as well as any empty tag is considered valid. Impact The vulnerability affects a secondary authentication guarantee that MLS...
EUVD-1999-1251
Malware in sbrugna...
EUVD-2021-2166
Malware in sbrugna...
EUVD-2020-22427
Malware in sbrugna...
USN-7654-4: Linux kernel (KVM) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PA-RISC architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; -...
MAL-2025-5897 Malicious code in bk-card-cc-credit-limit-adjustment-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 839ee8572e063e7008de9939f5e66afdb87eb4083735168ee48b739ed54814d9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5907 Malicious code in dark-switch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 12148dc0d61c4e63738c356e019b3cc4d6ef0b5f1b23fae084daa1be5dccefd5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5880 Malicious code in @pmm-ux/asset-uploader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3d55463889147e38c097882b9f092f80284c39e9abddb7fba65570dc12906d7b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4912 Malicious code in yux-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32619602ea22f43c922bd51fb5af4f417fee447f162999a6e291f7f83a39e9a8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4385 Malicious code in payment-gateway-internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e9150cc48f5c4ea4e3d53aeeba789b513dcfb174ba1f74dfc1b3f5272aadc5a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3885 Malicious code in etherbundle (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71305511ac73c9c681a5abf765d127187bb45c8c2b946c2ce40afe03e408c0d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2553 Malicious code in @shanye3501/curvess (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53e18457ae0b04b57176a0e8d4a09d0646e05493edd1224fb1ceda27eafe97c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2358 Malicious code in airbnb-jitney-schemas (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d76706b4f731a72f676dcad6dd407e8944420bf6d13444362341eceb7adbac2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
QNAP QuTS hero Information Disclosure Vulnerability (QSA-25-03)
QNAP QuTS hero is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qutshero...
MAL-2024-11834 Malicious code in imran-spotifydl (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3800cf40bde01dd8a476c0c1967b5e7bceaf578a40d99d3561a626ba1ef5d24 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-48865
An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability in the following...
Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'Credentials Disclosure'
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORMAPOLLOVX20INCORRECTACCESSCONTROLCREDENTIALSDISCLOSURECVE-2024-25735.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.wyrestorm.com Product APOLLO VX20...
CuteNews 1.4.6 - 'index.php' Cross-Site Request Forgery (New User Creation)
source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...