Lucene search
K

28 matches found

The Hacker News
The Hacker News
added 2023/07/05 9:0 a.m.5 views

Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. "A npm package's manifest is...

6.7AI score
Exploits0
Drupal
Drupal
added 2018/10/31 12:0 a.m.18 views

Decoupled Router - Critical - Access bypass - SA-CONTRIB-2018-071

This module enables you to resolve the provided Drupal path in order to find the canonical path and information about the resolved entity. This information includes entity type ID, entity ID, entity UUID and entity label. The module doesn't sufficiently check access before displaying entity label...

6.4AI score
Exploits0References6
NVD
NVD
added 2018/08/31 3:29 p.m.18 views

CVE-2018-7685

The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download...

7.8CVSS7.6AI score0.00286EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2018/08/31 3:29 p.m.24 views

CVE-2018-7685

The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download...

7.8CVSS7.1AI score0.00286EPSS
Exploits0References4
Cvelist
Cvelist
added 2018/08/31 3:0 p.m.27 views

CVE-2018-7685 libzypp does not reevaluate malicious rpms once downloaded

The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download...

7.8CVSS8.4AI score0.00286EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2018/08/31 3:0 p.m.41 views

CVE-2018-7685

The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download...

7.8CVSS8.6AI score0.00286EPSS
Exploits0
Prion
Prion
added 2018/07/10 6:29 p.m.20 views

Spoofing

A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver UIInfra, 1.0, SAP UI Implementation for Decoupled Innovations UI700, 2.0: SAP NetWeaver 7.00 Implementation,...

4.3CVSS4.8AI score0.00552EPSS
Exploits0References3Affected Software3
Fedora
Fedora
added 2012/04/01 10:57 p.m.27 views

[SECURITY] Fedora 16 Update: python-sqlalchemy0.5-0.5.8-9.fc16

SQLAlchemy is an Object Relational Mappper ORM that provides a flexible, high-level interface to SQL databases. Database and domain concepts are decoupled, allowing both sides maximum flexibility and power. SQLAlchemy provides a powerful mapping layer that can work as automatically or as manu all...

7.5CVSS1.3AI score0.02862EPSS
Exploits2
Rows per page
Query Builder