78 matches found
EUVD-2023-2110
Malicious code in bioql PyPI...
CVE-2023-39013
Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init...
[SECURITY] [DLA 4138-1] distro-info-data database update
Debian LTS Advisory DLA-4138-1, https://www.debian.org/lts/security/, Stefano Rivera, April 26, 2025, https://wiki.debian.org/LTS. Package: distro-info-data. Version: 0.51+deb11u8. This is a routine update of the distro-info-data database for Debian LTS users. It adds Ubunt...
Debian dla-4138 : distro-info-data - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4138 advisory. Debian LTS Advisory DLA-4138-1, https://www.debian.org/lts/security/...
Malicious code in f0-state-holder-duke (npm)
Source: ghsa-malware bf4c907badcc403327c3447b84119be860f10f1e085424b05ae27f1c65343715. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2760 Malicious code in f0-state-holder-duke (npm)
Source: ghsa-malware bf4c907badcc403327c3447b84119be860f10f1e085424b05ae27f1c65343715. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Duke Smart Toilet Lab Motius security vulnerability
Duke Smart Toilet Lab Motius is a smart sampling toilet from Duke University. A security vulnerability exists in Duke Smart Toilet Lab Motius version 1.3.11. An attacker exploiting this vulnerability could gain access to sensitive information...
duke.uloop.com Cross Site Scripting vulnerability OBB-3952813
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ea-boyerlab-morphosource-01.oit.duke.edu Cross Site Scripting vulnerability OBB-3878987
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
courses.cs.duke.edu Cross Site Scripting vulnerability OBB-3855095
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
people.duke.edu Cross Site Scripting vulnerability OBB-3842895
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
chapel.duke.edu Improper Access Control vulnerability OBB-3820808
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
repository.duke.edu Cross Site Scripting vulnerability OBB-3809897
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
carlyleletters.dukeupress.edu Cross Site Scripting vulnerability OBB-3655440
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks
An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors. The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called...
Code Injection
duke is vulnerable to Code Injection. The vulnerability exists because the init function of CommonJTimer.java does not restrict LDAP lookups, allowing an attacker to inject and execute malicious code...
ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.42.0.2), ai.h2o:h2o-algos (>=3.10.5.1 <=3.42.0.2) +51 more potentially affected by CVE-2023-39013 via no.priv.garshol.duke:duke (=1.2)
no.priv.garshol.duke:duke MAVEN version =1.2 is affected by a known vulnerability. The following packages have a transitive dependency on no.priv.garshol.duke:duke and may be impacted: - ai.h2o:h2o-admissibleml =3.34.0.1, =3.10.5.1, =3.10.5.1, =3.12.0.1, =3.10.5.1, =3.10.5.1, =3.14.0.7, =3.16.0.1...
GHSA-P83Q-99RC-VFMV Code injection in Duke
Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init...
Code injection in Duke
Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init...