Lucene search

4441 matches found

OSV
added 2022/06/20 8:13 p.m. · 5 views

MAL-2022-1968 Malicious code in code-oss-dev-build1 (npm)

Source: ghsa-malware b65930836996ae35d0c2c41c28426c97cd1b2bb8eda37b966b527b177ceea85f. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 · References: 1
OSSF Malicious Packages
added 2022/06/20 8:13 p.m. · 2 views

Malicious code in dev.socrata.com (npm)

Source: ghsa-malware 65703102d55c148a01e94efc3d9bd558de95853e7f7ee88b22eaf7784b9a65cd. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 · References: 1
OSSF Malicious Packages
added 2022/06/20 8:08 p.m. · 2 views

Malicious code in colors-dev (npm)

Source: ghsa-malware e536034f21abcd7ac77a0757c555642fbc16a2c8f783a085c2da62ed56df1c9b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 · References: 1
OSV
added 2022/06/20 8:08 p.m. · 4 views

MAL-2022-2014 Malicious code in colors-dev (npm)

Source: ghsa-malware e536034f21abcd7ac77a0757c555642fbc16a2c8f783a085c2da62ed56df1c9b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 · References: 1
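The four malicious-package entries above all carry the same advice: a host with the package installed is fully compromised. The first practical question is whether the package is actually present in a dependency tree. The Go program below is an added example, not code from OSV, the OpenSSF Malicious Packages project or any of the advisories; it parses a package-lock.json (both the v2/v3 "packages" map and the v1 nested "dependencies" tree) and reports every entry whose name is on a denylist. The denylist holds the three package names from the advisories above; the lockfile is constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// maliciousNPM holds the package names from the advisories listed above.
var maliciousNPM = map[string]bool{
	"code-oss-dev-build1": true,
	"dev.socrata.com":     true,
	"colors-dev":          true,
}

// lockPkg is the only field we need from a v2/v3 "packages" entry.
type lockPkg struct {
	Version string `json:"version"`
}

// v1Dep is a node of the v1 "dependencies" tree, which nests transitive deps.
type v1Dep struct {
	Version      string           `json:"version"`
	Dependencies map[string]v1Dep `json:"dependencies"`
}

// lockfile models the parts of package-lock.json the scan reads.
type lockfile struct {
	Packages     map[string]lockPkg `json:"packages"`
	Dependencies map[string]v1Dep   `json:"dependencies"`
}

// nameFromPath turns a v2/v3 key such as "node_modules/@scope/pkg" or
// "node_modules/a/node_modules/b" into the package name after the last
// "node_modules/" segment. The root entry has key "" and yields "".
func nameFromPath(p string) string {
	i := strings.LastIndex(p, "node_modules/")
	if i < 0 {
		return ""
	}
	return p[i+len("node_modules/"):]
}

// FindMalicious returns "name@version" for every lockfile entry whose name
// is in the denylist, sorted and de-duplicated.
func FindMalicious(lock []byte, denylist map[string]bool) ([]string, error) {
	var lf lockfile
	if err := json.Unmarshal(lock, &lf); err != nil {
		return nil, err
	}
	seen := map[string]bool{}
	for path, pkg := range lf.Packages {
		if name := nameFromPath(path); denylist[name] {
			seen[name+"@"+pkg.Version] = true
		}
	}
	var walk func(deps map[string]v1Dep)
	walk = func(deps map[string]v1Dep) {
		for name, d := range deps {
			if denylist[name] {
				seen[name+"@"+d.Version] = true
			}
			walk(d.Dependencies)
		}
	}
	walk(lf.Dependencies)
	out := make([]string, 0, len(seen))
	for k := range seen {
		out = append(out, k)
	}
	sort.Strings(out)
	return out, nil
}

// sampleLock is a constructed v3 lockfile fragment, not from any real project.
// "colors" is a legitimate package and must not be flagged; only the
// look-alike "colors-dev" and the nested "dev.socrata.com" are hits.
const sampleLock = `{
  "name": "demo", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo", "version": "1.0.0"},
    "node_modules/colors": {"version": "1.4.0"},
    "node_modules/colors-dev": {"version": "0.0.1"},
    "node_modules/express/node_modules/dev.socrata.com": {"version": "9.9.9"}
  }
}`

func main() {
	hits, err := FindMalicious([]byte(sampleLock), maliciousNPM)
	if err != nil {
		panic(err)
	}
	for _, h := range hits {
		fmt.Println("MALICIOUS:", h)
	}
	if len(hits) > 0 {
		fmt.Println("treat this host as compromised: rotate every secret it held")
	}
}
```

Matching on the exact package name is what the advisories support; a hit means the host that ran `npm install` (and any CI runner that did) is in scope for the "rotate all secrets" advice, regardless of whether the package's code was ever imported, since npm lifecycle scripts run at install time.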
Tenable Nessus
added 2022/06/20 12:00 a.m. · 24 views

Debian DSA-5165-1 : vlc - security update

The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5165 advisory. Multiple vulnerabilities were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file is...

AI score: 6.1
Exploits: 0 · References: 4
Packet Storm
added 2022/06/20 12:00 a.m. · 372 views

Pandora FMS 7.0NG.742 Remote Code Execution

Exploit Title: Pandora FMS v7.0NG.742 - Remote Code Execution (RCE) (Authenticated)
Date: 05/20/2022
Exploit Author: UNICORD (NicPWNs & Dev-Yeoj)
Vendor Homepage: https://pandorafms.com/
Software Link: ...

CVSS: 7.2 · AI score: 0.5 · EPSS: 0.73792
Exploits: 6
Malwarebytes
added 2022/06/14 12:43 p.m. · 206 views

“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft

Microsoft has warned that "multiple adversaries and nation-state actors" are making use of the recent Atlassian Confluence RCE vulnerability. A fix is now available for CVE-2022-26134. It is essential that users of Confluence address the patching issue immediately. Confluence vulnerability: Background...

CVSS: 7.5 · AI score: 10 · EPSS: 0.94408
Exploits: 75
Exploit DB
added 2022/06/14 12:00 a.m. · 302 views

Pandora FMS v7.0NG.742 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Pandora FMS v7.0NG.742 - Remote Code Execution (RCE) (Authenticated)
Date: 05/20/2022
Exploit Author: UNICORD (NicPWNs & Dev-Yeoj)
Vendor Homepage: https://pandorafms.com/
Software Link: ...

CVSS: 7.2 · AI score: 7 · EPSS: 0.73792
Exploits: 6
Microsoft Secure
added 2022/06/13 4:00 p.m. · 26 views

The many lives of BlackCat ransomware

The BlackCat ransomware, also known as ALPHV, is a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy. It is noteworthy for its unconventional programming language (Rust), its multiple target devices and possible entry points, and its affiliation with prolific...

AI score: 0.8
Exploits: 0
Github Security Blog
added 2022/06/08 10:34 p.m. · 37 views

OS Command Injection in file editor in Gogs

Impact: A malicious user is able to upload a crafted config file into a repository's .git directory, in combination with a crafted file deletion, to gain SSH access to the server. All installations with repository upload enabled (the default) are affected. Patches: File deletions are prohibited to repository...

CVSS: 10 · AI score: 0.5 · EPSS: 0.09234
Exploits: 1 · References: 7 · Affected Software: 1
OSV
added 2022/06/08 10:24 p.m. · 14 views

GHSA-XQ4V-VRP9-VCF2 Cross-site Scripting vulnerability in repository issue list in Gogs

Impact: DisplayName accepts any characters from users, which leads to an XSS vulnerability when it is displayed directly in the issue list. Patches: DisplayName is sanitized before being displayed. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. Workarounds: Check and update the existing users...

CVSS: 5.4 · AI score: 5.4 · EPSS: 0.00263
Exploits: 0 · References: 6
Positive Technologies
added 2022/06/08 12:00 a.m. · 3 views

PT-2025-8267

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.18.0-rc7+. Description: The issue is in the Linux kernel, specifically the mlx5 driver's mlx5_get_next_phys_dev() function, which was called without holding the interface lock. This problem was identified when a...

CVSS: 5.5 · AI score: 6.2 · EPSS: 0.00071
Exploits: 0
OSV
added 2022/06/03 10:19 p.m. · 3 views

GHSA-P9P4-97G9-WCRH Dev error stack trace leaking into prod in Play Framework

Impact: Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its DefaultHttpErrorHandler to do so based on the application mode. In its Scala API Play also provides a static object DefaultHttpErrorHandler...

CVSS: 5.9 · AI score: 7 · EPSS: 0.0043
Exploits: 0 · References: 5
NVD
added 2022/06/02 6:15 p.m. · 13 views

CVE-2022-31023

Play Framework is a web framework for Java and Scala. Versions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by...

CVSS: 7.5 · EPSS: 0.0043
Exploits: 0 · References: 3
Prion
added 2022/06/02 6:15 p.m. · 15 views

Code injection

Play Framework is a web framework for Java and Scala. Versions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by...

CVSS: 5 · AI score: 7.5 · EPSS: 0.0043
Exploits: 0 · References: 3 · Affected Software: 1
CVE
added 2022/06/02 6:05 p.m. · 535 views

CVE-2022-31023

CVE-2022-31023 affects Play Framework prior to 2.8.16. The issue arises when verbose error pages are shown in production due to DefaultHttpErrorHandler being used or misconfigured, potentially exposing sensitive information via exception stacks in error messages. The problem is rooted in how Play...

CVSS: 7.5 · AI score: 6.7 · EPSS: 0.0043
Exploits: 0 · References: 3 · Affected Software: 1
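The four Play Framework entries above describe one failure mode: an error handler that is meant to be verbose only in dev mode ends up rendering exception stack traces in production. Play is Java/Scala; the Go net/http middleware below is an added example, not Play's code, that shows the same control done explicitly: the full panic and stack trace always go to the server log, but the response body carries them only when the application runs in Dev mode. The Mode type, the handler and the secret-looking panic message are constructed for the example.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"runtime/debug"
)

// Mode is the example's stand-in for an application run mode.
type Mode int

const (
	Dev Mode = iota
	Prod
)

// Recover wraps h so that a panic never reaches the client as a raw stack
// trace. The trace is always logged server-side, where an operator needs
// it; it is echoed in the response body only in Dev mode.
func Recover(mode Mode, h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		defer func() {
			if rec := recover(); rec != nil {
				trace := debug.Stack()
				log.Printf("panic serving %s %s: %v\n%s", r.Method, r.URL.Path, rec, trace)
				w.Header().Set("Content-Type", "text/plain; charset=utf-8")
				w.WriteHeader(http.StatusInternalServerError)
				if mode == Dev {
					fmt.Fprintf(w, "panic: %v\n\n%s", rec, trace) // verbose page for local debugging only
				} else {
					fmt.Fprint(w, "Internal Server Error") // generic body; no exception details
				}
			}
		}()
		h.ServeHTTP(w, r)
	})
}

// boom stands in for application code that fails with an exception whose
// message carries something sensitive (a constructed connection string).
func boom(w http.ResponseWriter, r *http.Request) {
	panic(fmt.Sprintf("query failed for dsn=%s", "postgres://app:hunter2@db:5432/orders"))
}

// Serve pushes one request through the wrapped handler in-process and
// returns the status and body, so behaviour can be checked without a socket.
func Serve(mode Mode) (int, string) {
	rr := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/orders?id=abc", nil)
	Recover(mode, http.HandlerFunc(boom)).ServeHTTP(rr, req)
	return rr.Code, rr.Body.String()
}

func main() {
	for _, m := range []Mode{Dev, Prod} {
		code, body := Serve(m)
		fmt.Printf("mode=%d status=%d body=%q\n", m, code, body)
	}
}
```

The check a practitioner wants from this is the Prod case: status 500, a fixed body, and no trace of the panic message in what the client receives. The mode decision lives in one place, so a second, differently configured handler cannot quietly reintroduce the verbose page.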
GitLab Advisory Database
added 2022/06/02 12:00 a.m. · 18 views

OS Command Injection in gogs

Impact: A malicious user is able to upload a crafted config file into a repository's .git directory to gain SSH access to the server. All Windows installations with repository upload enabled (the default) are affected. Patches: Repository file uploads are prohibited to its .git directory. Users shou...

AI score: 0.1 · EPSS: 0.12771
Exploits: 1 · References: 7 · Affected Software: 1
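Both Gogs OS command injection entries (the GitHub Security Blog one above and this GitLab one) describe the same root cause: a repository upload was allowed to write into the repository's own .git directory, and the Windows-only wording of this entry points at path handling that differs by filesystem. The validator below is an added example, not Gogs's actual patch; it shows the checks a server-side upload handler needs before writing a user-supplied path: reject absolute paths and ".." escapes, normalise backslashes, and refuse any path component equal to ".git" regardless of case. The function name and error messages are the example's own.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// ValidateRepoUploadPath reports whether a user-supplied relative path for a
// file uploaded into a repository working tree may be written. It rejects:
//   - absolute paths (leading "/" or a Windows drive letter such as "C:"),
//   - any ".." component left after cleaning (an escape from the repository),
//   - any component equal to ".git" compared case-insensitively, because on a
//     case-insensitive filesystem ".GIT/config" is the real metadata file.
//
// Backslashes are normalised to "/" first so that "docs\.git\config" is seen
// as three components rather than one odd filename. ".gitignore" and
// ".github/..." are not ".git" components and remain allowed.
func ValidateRepoUploadPath(p string) error {
	norm := strings.ReplaceAll(p, `\`, "/")
	if strings.HasPrefix(norm, "/") || strings.Contains(norm, ":") {
		return fmt.Errorf("absolute path not allowed: %q", p)
	}
	clean := path.Clean(norm)
	if clean == "." || clean == "" {
		return fmt.Errorf("empty path: %q", p)
	}
	for _, part := range strings.Split(clean, "/") {
		switch {
		case part == "..":
			return fmt.Errorf("path escapes repository: %q", p)
		case strings.EqualFold(part, ".git"):
			return fmt.Errorf("writes into .git are not allowed: %q", p)
		}
	}
	return nil
}

func main() {
	// Constructed inputs: a mix of ordinary files and the upload shapes
	// the check must refuse.
	for _, p := range []string{
		"README.md",
		".gitignore",
		".git/config",
		`docs\.GIT\config`,
		"src/../../.git/hooks/post-receive",
	} {
		if err := ValidateRepoUploadPath(p); err != nil {
			fmt.Printf("REJECT %q: %v\n", p, err)
		} else {
			fmt.Printf("ACCEPT %q\n", p)
		}
	}
}
```

The component-wise comparison matters more than any blocklist of filenames: a check that only looks for the literal prefix ".git/" misses "docs/.git/config", ".GIT/config" on Windows and "a/../.git/config", all of which this version rejects.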
Positive Technologies
added 2022/06/01 12:00 a.m. · 1 views

PT-2022-13774 · Gogs · Gogs

Name of the Vulnerable Software and Affected Versions: gogs/gogs versions prior to 0.12.8. Description: The issue is a Server-Side Request Forgery (SSRF) in the GitHub repository gogs/gogs. It allows a malicious user to discover services in the internal network through webhook...

CVSS: 8.3 · AI score: 8.4 · EPSS: 0.0079
Exploits: 1 · References: 11
OpenVAS
added 2022/06/01 12:00 a.m. · 20 views

Debian: Security Advisory (DLA-3036-1)

The remote host is missing an update for the Debian ... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only.

CVSS: 7.5 · AI score: 7.7 · EPSS: 0.01612
Exploits: 1 · References: 4
Veracode
added 2022/05/30 5:33 a.m. · 21 views

Denial Of Service (DoS)

Chromium is vulnerable to denial of service. The vulnerability exists due to a heap-based overflow in DevTools, which allows an attacker who can get a malicious extension installed to potentially exploit heap corruption via a malicious HTML page...

CVSS: 8.8 · AI score: 8.9 · EPSS: 0.00265
Exploits: 1 · References: 5 · Affected Software: 2