PT-2023-16013 · Weintek · Weintek Easybuilder Pro
Name of the Vulnerable Software and Affected Versions: Weintek EasyBuilder Pro (affected versions not specified). Description: The issue is caused by a ZipSlip attack resulting from decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access...
K51975973: Eclipse Jetty vulnerability CVE-2021-34428
Security Advisory Description: For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can...
MAL-2023-537 Malicious code in jquery-mask (npm)
Source: ghsa-malware (60c2e86401517688fc0bdbd68e989cce56834a9c11090e0a27fd0e0b5cdf9ca2). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-560 Malicious code in kuna-chart-header (npm)
Source: checkmarx (7b6783077178ab41482bc0e611e487453d9b0254e1e1ad5684b89472b002b2b4). Malicious packages campaign since 2021 targeting developers, steals source code and secrets. Source: ghsa-malware...
SUSE CVE-2005-4778
The powersave daemon in SUSE Linux 10.0 before 20051007 has an unspecified "configuration problem," which allows local users to suspend the computer and possibly perform certain other unauthorized actions...
SUSE CVE-2012-4542
block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes...
SUSE CVE-2013-1729
The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element...
SUSE CVE-2018-10021
drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers w...
SUSE CVE-2018-1000015
On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline node blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes...
SUSE CVE-2019-19624
An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of t...
SUSE CVE-2022-41848
drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach...
2023-02 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5022834)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
2023-02 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5022834)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
ipc-computer.de Cross Site Scripting vulnerability OBB-3193895
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Computer Vision Annotation Tool Advisory
Summary: A potential security vulnerability in the Computer Vision Annotation Tool (CVAT) software maintained by Intel® may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-27234 Description: Server-si...
MAL-2023-268 Malicious code in doii.repo.tik (npm)
Source: ghsa-malware (f2a3b246d61b93de2def7a63affccacb26c7bddff3816d751983fa3fa0f3e978). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-267 Malicious code in doii.repo (npm)
Source: ghsa-malware (5201538e1c2a29415afeb2ff46b45521e0f3dc4ac5983bc3da0d42f2358bb580). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-4 Malicious code in eslint-plugin-dropbox-sign (npm)
Source: ghsa-malware (ef0b78a956b34b6e0c3db65f1f623e28b0e80753ffae8ea19c75e4217f1dc0b8). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-586 Malicious code in mdes_digital_enablement_api (npm)
Source: ghsa-malware (ef91fec71d700626e729317e9beb9132a1be4c4c60fce5f67f94ceae1a198435). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fca-jiser-remake (npm)
Source: ghsa-malware (35bfdae86299688abf534339a424e1a455f436fbdef00a64a09648d3c31862c9). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...