15487 matches found

OSV
added 2024/09/11 11:10 p.m. · 6 views

MAL-2024-8862 Malicious code in bcrypts-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 119f108e696a505c0b232d8ee8e4919de05b9f92725dcc535747aea9290433ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 3

OSV
added 2024/09/11 11:5 p.m. · 4 views

MAL-2024-8873 Malicious code in sketch-crowdin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 760414998be33a4144fb0eee0455cc462dea5f95e07189b1ff637271a0014974 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1

OSV
added 2024/09/11 11:5 p.m. · 3 views

MAL-2024-8870 Malicious code in publish-test-result-screenshot (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cf2cd13f851593ee5dc61c5c17c22a1efa0d43ec11f32023e7dfecfdd1c76adb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1

OSSF Malicious Packages
added 2024/09/11 11:5 p.m. · 4 views

Malicious code in create-auction-house (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c2211dcc1cfcd557e8c971ec03d126ef506517e91d0037f89be0bfb34265f0b5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1

OSV
added 2024/09/11 11:5 p.m. · 4 views

MAL-2024-8864 Malicious code in create-auction-house (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c2211dcc1cfcd557e8c971ec03d126ef506517e91d0037f89be0bfb34265f0b5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1

OSV
added 2024/09/11 11:5 p.m. · 7 views

MAL-2024-8866 Malicious code in leaktopus-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83373d23f7e3f374eb8fc44cfa92d26ccef29ba9113f260f71e58d6dda5eea67 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1

OSV
added 2024/09/11 11:5 p.m. · 4 views

MAL-2024-8863 Malicious code in conductor-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware debe53d4542ba37ede81c11f2616cddddf8770ea090f4b3d16482b831a489937 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1

OSV
added 2024/09/11 11:5 p.m. · 3 views

MAL-2024-8865 Malicious code in fma-connect-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fcf0b80ef1af82685e7d25cbdf7f61311436163a9e7593d7271f61fcd73f6875 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1

The Hacker News
added 2024/09/11 12:7 p.m. · 13 views

Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate

The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean man for their alleged involvement in illicit cyber activities in the country. The development comes after a group of about 160 law enforcement officials conducted a series of raids on September 9...

6.6 AI score
Exploits 0

Microsoft CVE
added 2024/09/11 7:0 a.m. · 2 views

scsi: core: Fix unremoved procfs host directory regression

...

5.5 CVSS · 7.7 AI score · 0.00242 EPSS
Exploits 0

OSV
added 2024/09/10 11:32 p.m. · 4 views

MAL-2024-8861 Malicious code in cryptograph-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 344b01183d31f7bfbadedba12b2bfe4e733ea76938ea8976787f6c400b39f5a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1

OSV
added 2024/09/10 5:7 p.m. · 17 views

CGA-RM26-RMF3-QJQC

Bulletin has no description...

7.5 CVSS · 8.2 AI score · 0.01127 EPSS
Exploits 0

Microsoft Security Update
added 2024/09/10 5:0 p.m. · 24 views

2024-09 Cumulative Update for Windows 10 Version 22H2 for ARM64-based Systems (KB5043064)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...

7.1 AI score
Exploits 0

Cvelist
added 2024/09/10 3:4 p.m. · 17 views

CVE-2024-45393 Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains...

6.4 CVSS · 0.00242 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/09/10 3:4 p.m. · 17 views

CVE-2024-45393 Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains...

6.4 CVSS · 6.9 AI score · 0.00242 EPSS
Exploits 0 · References 2

CVE
added 2024/09/10 3:4 p.m. · 49 views

CVE-2024-45393

Summary: CVAT prior to 2.18.0 is affected by a vulnerability where an account holder can access webhook delivery information for any webhook (including others’) and can redeliver past deliveries or trigger a ping event. The underlying issue is missing authorization for webhook delivery endpoints....

6.4 CVSS · 6.3 AI score · 0.00242 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2024/09/10 3:4 p.m. · 16 views

CVE-2024-45393 Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains...

6.4 CVSS · 6.6 AI score · 0.00242 EPSS
Exploits 0 · References 4

CNNVD
added 2024/09/10 12:0 a.m. · 4 views

Computer Vision Annotation Tool security vulnerability

Computer Vision Annotation Tool (CVAT) is a cvat.ai open source interactive video and image annotation tool for computer vision. A security vulnerability exists in Computer Vision Annotation Tool (CVAT) versions prior to 2.18.0 that originates from an attacker with a CVAT account having access to any...

6.4 CVSS · 6.3 AI score · 0.00242 EPSS
Exploits 0 · References 3

OSV
added 2024/09/09 7:7 p.m. · 7 views

MAL-2024-8853 Malicious code in roblox-event-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f08f30c6d48fad2d39e96f192eb0efb0ae97511a98d6ef6b3048b20486f7c30 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 3

RedHat Linux
added 2024/09/09 2:30 a.m. · 1 view

glib2: Signal subscription vulnerabilities

A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the...

5.2 CVSS · 7.1 AI score · 0.00763 EPSS
Exploits 1 · References 6