4 FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime Spree
Four Vietnamese nationals with ties to the FIN9 cybercrime group have been indicted in the U.S. for their involvement in a series of computer intrusions that caused over $71 million in losses to companies. The defendants, Ta Van Tai aka Quynh Hoa and Bich Thuy, Nguyen Viet Quoc aka Tien Nguyen,...
Malicious code in kami-richtext (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9634fe3bee06c80f43ca27ad558c4834386dc1bb31779583c7911b679f550bff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1664 Malicious code in @elza/keepalive (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36898e173038cb4c2df4e969d539b9594821fc6f2c6b1c8750d717d5f637eea4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1663 Malicious code in @elza/auto-route-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c0394416e392791c5f23be36b82f8800fa29bfd1381f8be67c7362338279c0d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-37825
CVE-2024-37825 concerns EnvisionWare Computer Access & Reservation Control SelfCheck v1.0. The Red Hat, NVD, CVE lists and related advisories confirm an unauthenticated directory traversal vulnerability that can be triggered by attackers on the same network. The issue is tied to SelfCheck v1.0 an...
CVE-2024-39334
MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. The server process is not affected...
GLib: Privilege Escalation
Background: GLib is a library providing a number of GNOME's core objects and functions. Description: A vulnerability has been discovered in GLib. Please review the CVE identifier referenced below for details. Impact: When a GDBus-based client subscribes to signals from a trusted system service such ...
CVE-2024-31586
A Cross Site Scripting (XSS) vulnerability exists in Computer Laboratory Management System version 1.0. This vulnerability allows a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters...
Malicious code in trip-component-platform-online-region-selector (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 007878676d8487bbeba763b564d225daf11ed353d8624a1aa8e52264efe40497 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1653 Malicious code in desainnew (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 01bf842f0425d57bc046f2dfe5ca780425c5c598cddf38891bcb48821a75920a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in dsain (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c297dbb19c09d8f71ccdbc712626dbf279bb972fe57afe0c04dc8e27f723a9b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1657 Malicious code in nodem0m (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae93a7345bbc51bd2c0a267dc582cf90302284606b0f569ae06f4dc6a26f801a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1658 Malicious code in nt4padyp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 813b8cef8cb7a828bbbf2b8edb29b1bbba72c65e7654fe80f07a80398a9e5133 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pwi-cfa-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d39aaa33ecd66d4aac0437e45aa6a1cddcc74bb7ed416f6b33c3a7151cbc035 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1644 Malicious code in pwi-cfa-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d39aaa33ecd66d4aac0437e45aa6a1cddcc74bb7ed416f6b33c3a7151cbc035 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Computer Laboratory Management System Cross-Site Scripting Vulnerability
Computer Laboratory Management System is a computer laboratory management system. A cross-site scripting vulnerability exists in Computer Laboratory Management System version 1.0 that could allow a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters...
CVE-2024-31586
CVE-2024-31586 affects Computer Laboratory Management System v1.0. The vulnerability is a Cross Site Scripting (XSS) flaw that allows a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters. The reported impact is limited to the ability to run code wi...
PT-2024-24145 · Unknown · Computer Laboratory Management System
Name of the Vulnerable Software and Affected Versions: Computer Laboratory Management System version 1.0. Description: A Cross Site Scripting (XSS) vulnerability exists, allowing a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters. Recommendations: F...