3448 matches found
DigiExam security vulnerability
DigiExam is an exam platform from the Swedish company DigiExam. A security vulnerability exists in DigiExam version v14.0.2, which stems from a lack of integrity checking of native modules, allowing an attacker to access PII and take over accounts on a shared computer...
CVE-2023-33668
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and take over accounts on shared computers...
CVE-2023-33668
CVE-2023-33668 affects DigiExam up to v14.0.2, where there is a lack of integrity checks for native modules. The issue enables attackers on shared computers to access PII and potentially take over user accounts, per multiple sources including Red Hat and NVD entries. The root cause is insufficien...
CVE-2023-33668
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and take over accounts on shared computers...
Malicious code in fca-tpk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 576e118459e6170d7b00062ae693815b18ed8bd83e6c8fc7337143b842bf6c74 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fca-dongdz (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a178ae400bbd58633f7d8005bd8c591a3adbba417117cba116f6f7a6d97d569 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zola-helpers/client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee698d441406b57b08f773d9f7c97565c0d839bc65054354c7ab8f4556b4293a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2023-4069 · Digiexam · Digiexam
Name of the Vulnerable Software and Affected Versions: DigiExam versions up to 14.0.2 Description: The issue is related to the lack of integrity checks for native modules in DigiExam, allowing remote attackers to access personally identifiable information (PII) and take over accounts on shared...
Malicious code in typeahead-client-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9121846b93247c8f8db2f98b553de9231e63282325f9bbaff65e8b6916d2a6cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sword123 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6873abc1d5ac185b0cd7f13b940e3144dd46f0fddd5608e317c041de653e8bde Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-26299
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability...
Malicious code in node-hsf (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3e30143880959f7bbf83a547cd32a89f7a338b497a3408e3b16ae74d80e6ba4e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-154 Malicious code in cache-vue (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 09ed266927720d6a151d6cca346f684f5e326b246a5363157496f6840d3be5f3 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
Malicious code in price-record (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 3b87630cf8eb8594e67451df7fae7627d35da7c1f67a44b1751201766dbe54a0 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona
The U.S. Department of Justice (DoJ) on Thursday unveiled charges against a Russian national for his alleged involvement in deploying LockBit ransomware to targets in the U.S., Asia, Europe, and Africa. Ruslan Magomedovich Astamirov, 20, of Chechen Republic has been accused of perpetrating at least...
CVE-2022-31645
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure...
CVE-2022-31644
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure...
CVE-2022-31635
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure...
CVE-2022-31636
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure...
CVE-2022-31639
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure...