Malicious code in rec3t-dev-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d448e9d4d5fbd9def37731a1409acb449e54c306bddb581430918e5ea7f1db44 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-5713 Malicious code in rec3t-dev-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d448e9d4d5fbd9def37731a1409acb449e54c306bddb581430918e5ea7f1db44 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

WWBN AVideo videoAddNew cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2022-1540 WWBN AVideo videoAddNew cross-site scripting XSS vulnerability August 16, 2022 CVE Number CVE-2022-28712 SUMMARY A cross-site scripting xss vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A...

WWBN AVideo ObjectYPT SQL injection vulnerability

Talos Vulnerability Report TALOS-2022-1551 WWBN AVideo ObjectYPT SQL injection vulnerability August 16, 2022 CVE Number CVE-2022-33147,CVE-2022-34652,CVE-2022-33149,CVE-2022-33148 SUMMARY A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit...

dev-smt.netstream.ch Cross Site Scripting vulnerability OBB-2847958

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

UBUNTU-CVE-2022-20158

In bdiput and bdiunregister of backing-dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID...

CVE-2022-20158

In bdiput and bdiunregister of backing-dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID...

PT-2022-14460 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds write in the BuildDevIDResponse function of miscdatabuilder.cpp due to a missing bounds check. This could lead to remote code execution with no additional execution...

GPAC MP4box 安全漏洞

GPAC MP4Box is multimedia packager. It is mainly used to work with ISOBMF files e.g. MP4, 3GP, but can also be used to import/export media from container files such as AVI, MPG, MKV, MPEG-2 TS, etc. A security vulnerability exists in GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b, which stems from...

Stored XSS on Admin Translations

Description Key/Name field in Admin Translation Settings is vulnerable to XSS. Proof of Concept 1 - Go to Settings, Admin Translations. 2 - Click on Add, and put the XSS payload: " on Name then save 3 - XSS popup will be triggered. Both Stable and Dev versions are vulnerable. Video PoC...

PUB-A-182815710

In bdiput and bdiunregister of backing-dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

Fedora: Security Advisory for golang-github-magefile-mage (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers

Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates aka SocGholish malware being delivered via existing Raspberry Robin infections on July 26,...

[SECURITY] Fedora 36 Update: golang-github-magefile-mage-1.11.0-6.fc36

A Make/rake-like dev tool using Go...

U.S. Offers $10 Million Reward for Information on North Korean Hackers

The U.S. State Department has announced rewards of up to $10 million for any information that could help disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities. "If you have information on any individuals associated with the North Korean...

CVE-2022-2549

NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV...

CVE-2022-2549

NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV...

CVE-2022-2549

NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV...

Null pointer dereference

NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV...

UBUNTU-CVE-2022-2549

NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV...