MAL-2022-7084 Malicious code in web3-update (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 77fdc33138ce74bde93c5bcbd67fafc405aeeb7ae156a91124a5500d3f1b869c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in spring-boot-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24c0313226e487a37c9158c78bc620c0306eb778d0aa789677c0c77811785295 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in test_1_59 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 311825f483147ad29879b55012ea2616f3b737e71a06e21f07f33a1d0e89f494 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Apple macOS 缓冲区错误漏洞

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. Apple macOS suffers from a security vulnerability that originates from an attacker being able to deliver a maliciously crafted image to its component that processes ICC summary files to achieve memory...

Malicious code in discord-leveldb-dump (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 55c25e70b31ec78486080577de7c7b2e78cde9b35d84eb84b869160ecb3af8fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-5670 Malicious code in react-redux-7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1317918bed3a26481cc0f2581c7902fde3cb69f75efdf9ab9f4fc365d5abf451 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @nexthink/investigations-editor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7fb466910cbd8f11eb9f83c1157f4f40e12cf74ff131ebec73f92b3ae0f962ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @nexthink/content-admin-list (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88211a3606fb6d72dc9409ded383558925170c70c7f1175d893d399fbf12d88f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @nexthink/flow-fe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c51ef940352ec2e2336f99764ff744f2303934f43534c72e57d768be83c6c240 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Privilege escalation

AsusSwitch.exe on ASUS personal computers running Windows sets weak file permissions, leading to local privilege escalation this also can be used to delete files within the system arbitrarily. This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0...

CVE-2022-36438

Summary: CVE-2022-36438 affects ASUS System Control Interface 3 (before 3.1.5.0) and AsusSwitch.exe (before 1.0.10.0) on Windows. The issue is weak file permissions in these components, which enables local privilege escalation and could allow arbitrary file deletion within the system. Root cause:...

Malicious code in darshanno1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ed53ddb4a7d140a14e73dd1e70f0fca72e84826fd5c4675adfec2c75506b2a4f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in vinayakgadha (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a707620d7e946357b152ed91ecbc080c7d1a8966be8bf89309d21ca8210afb4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in tds-publish (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb9cdf5cd3aa4e14d5a628ef37bc7f25bbd6a7976c9c4a2b649a96dcc1c6ee57 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ibiza-universe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 10614cf96adefc60af778b226d8f14c1d0a3a2e938d6f38404f8ba4763be8e46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Airbus AoA – Angle of Attack sensor issue

I read a lot of air incident investigation reports. The aviation industry is a shining example of sharing and learning, resulting in increased safety. I wish that the cyber industry on the ground could find a way to effectively share similar experiences and learnings. Anyway, one report caught my...

MAL-2022-42 Malicious code in 7h3n00b2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d447e0a0abdb9a120daee768c4715f5c6e7525abefa06b9e7868a19eda7b9e65 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-4101 Malicious code in kakau-infos (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 70d6b58c8d6a29f8f1c72c44e473d751b0188bea5266e10aee357449e8e73ad0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in trading-tips (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e7059751298308ffddceab553bb41bc1d03c5dfef0b27b2c6b34408e43fac7d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in apl-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae90a369ef8b401fdbeffc44d82f8e3ae5e66e88f54717671216a40c0ed1edfc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...