3447 matches found
Malicious code in experience-template-renderer-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware afa26f6f8649c313b48cb94b98dd23d01c15d0bc8cce3dfdfa2af4e410b133ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Apple macOS Security Vulnerability
Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in versions of Apple macOS prior to Ventura 13, which can be exploited by an attacker to record audio using paired AirPods. The following products and versions are affected: m...
keycloak: Session takeover with OIDC offline refreshtokens
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...
keycloak: Session takeover with OIDC offline refreshtokens
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...
Malicious code in aries-bifold (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 251d46e3496d63c9b3598599b630afca002cc225ef387f8b8db2932e544fbc1a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1088 Malicious code in aries-bifold (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 251d46e3496d63c9b3598599b630afca002cc225ef387f8b8db2932e544fbc1a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in package-ions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6e0094ac1543c12617313ae835b10879ec07d454e4d60930d6a8bd7589ca9f0c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cors.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eec9dd5b1dac2fdd321551f9d4217d4383b3205cf183427bb0f1251ca1a7000e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MOXA ARM-Based Computers Elevation of Privilege Vulnerability
MOXA ARM-Based Computers is a series of industrial computers from MOXA in China. An elevation of privilege vulnerability exists in Moxa ARM-Based Computers, which can be exploited by an attacker to gain root privileges...
MOXA ARM-Based Computers Security Vulnerability
MOXA ARM-Based Computers is a series of industrial computers from MOXA in China. An elevation of privilege vulnerability exists in Moxa ARM-Based Computers, which can be exploited by an attacker to gain root privileges...
CVE-2022-3088
CVE-2022-3088 concerns an execution with unnecessary privileges vulnerability (CWE-250) in Moxa ARM-based industrial computers. Affected devices include UC-8100A-ME-T, UC-2100, UC-2100-W, UC-3100, UC-5100, UC-8100 (and UC-8100-ME-T), UC-8200, AIG-300, UC-8410A with Debian 9, UC-8580 with Debian 9...
Moxa Multiple ARM-Based Computers
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Moxa Equipment: ARM-Based Computers Vulnerability: Privilege Escalation 2. RISK EVALUATION Successful exploitation of this vulnerability could provide an attacker with root privileges and total control of the system. 3...
Malicious code in geocomponents (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61de9020980b8adda40fa770a4e01271d679227030346f8daa0c47d8f33eabed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ul-mailru (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c4ffb34853ca2aed2129272732bcaa389eb9243a502f86a14ddd4cd744d9827 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
High-Severity Flaw Reported in Critical System Used by Oil and Gas Companies
Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The high-severity issue, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerabili...
CVE-2022-3916
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...
Malicious code in tsp-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc403d291cb9ff5ecda4c2c9388c3274698f50c9cc4982cad4ee8da7017d8c8e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vulnerablbsusuendency (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96fab10f3a2d9c02f0a1da42123c2b402cdbdedeb87fd648026da5709bfbdac3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in esperamier (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc7733d93ad2076f2cfe0321184d75e654c34c12da38f238042fadf4277bfb84 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in we-lib-login-tgp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b4f8e6e5c0168af0a89093c3d059ec1c5c00c6c2bdf595da95c57fa2175d1387 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...