
15122 matches found

OSSF Malicious Packages
added 2024/09/27 3:54 p.m. | 1 views

Malicious code in whatnot_seller_api_docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6bd5f2c9e95b729435440515ed96f944e44f9be9e7843d90090aeef7a7a0716d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 1

IBM Security Bulletins
added 2024/09/27 9:49 a.m. | 32 views

Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Analytics System [CVE-2021-3518]

Summary: Red Hat-provided libxml2 is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE, CVE-2021-3518. Vulnerability Details: CVEID: CVE-2021-3518 DESCRIPTION: GNOME libxml2 could allow a remote attacker to execute arbitrary code on the system,...

CVSS: 8.8 | AI score: 9.6 | EPSS: 0.0025
Exploits: 0 | Affected Software: 1

CNNVD
added 2024/09/27 12:0 a.m. | 3 views

LocalAI code injection vulnerability

LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. A code injection vulnerability exists in LocalAI version 2.17.1, which originates when the localai backend receives input not only from a configuration file, but also from other inputs, allowing...

CVSS: 8.8 | AI score: 9.1 | EPSS: 0.04953
Exploits: 1 | References: 3

Redos
added 2024/09/27 12:0 a.m. | 20 views

ROS-20240927-01

Vulnerability of the FFmpeg multimedia library function load_input_picture is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker to execute arbitrary code. Vulnerability in interpolate component...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.00162
Exploits: 1

Vulnrichment
added 2024/09/27 12:0 a.m. | 8 views

CVE-2024-46441

An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php called from app/admin/controller/ypay/Home.php. The file extension of an uncompressed file is not checked...

AI score: 8.9 | EPSS: 0.00279
Exploits: 0 | References: 1

Vulnrichment
added 2024/09/27 12:0 a.m. | 11 views

CVE-2024-33368

An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.01789
Exploits: 0 | References: 2

Ubuntu
added 2024/09/26 8:35 p.m. | 15 views

USN-7044-1: libcupsfilters vulnerability

Simone Margaritelli discovered that libcupsfilters incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used...

CVSS: 8.6 | AI score: 7.9 | EPSS: 0.75847
Exploits: 6

OSSF Malicious Packages
added 2024/09/26 5:16 p.m. | 3 views

Malicious code in djangosnippets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f0bb7ea04063a1c85bc6858187976e5437ffa840e070088dd2b0c4406ebb728c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 1

Veracode
added 2024/09/26 4:54 p.m. | 5 views

Cross-site Scripting (XSS)

Concrete5/concrete5 is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the calendar event name, allowing users or groups with permission to create or modify event calendars to embed and execute malicious scripts...

CVSS: 5.4 | AI score: 6.5 | EPSS: 0.00191
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2024/09/24 10:15 a.m. | 27 views

CVE-2021-38963 IBM Aspera Console CSV injection

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on t...

CVSS: 8 | EPSS: 0.00227
Exploits: 0 | References: 1

RedHat Linux
added 2024/09/24 2:39 a.m. | 8 views

kernel: net: openvswitch: fix overwriting ct original tuple for ICMPv6

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6. OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary packet content. -...

CVSS: 5.5 | AI score: 7 | EPSS: 0.00019
Exploits: 1 | References: 5

RedHat Linux
added 2024/09/24 12:40 a.m. | 2 views

kernel: scsi: qedf: Make qedf_execute_tmf() non-preemptible

A vulnerability was found in the Linux kernel's qedf driver function qedf_execute_tmf(), where the function call smp_processor_id() is done from preemptible code before acquiring a lock, which can result in BUG_ON() when running an RT kernel. This can result in system inconsistencies...

CVSS: 5.5 | AI score: 7.3 | EPSS: 0.00016
Exploits: 0 | References: 5

RedHat Linux
added 2024/09/24 12:40 a.m. | 1 views

kernel: net: openvswitch: fix overwriting ct original tuple for ICMPv6

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6. OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary packet content. -...

CVSS: 5.5 | AI score: 7 | EPSS: 0.00019
Exploits: 1 | References: 5

Vulnrichment
added 2024/09/19 4:35 p.m. | 18 views

CVE-2024-8652 Netcat CMS: reflected cross-site scripting in openstat module

A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit a specific path on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply the patch from the vendor (https://netcat.ru/). Versions 6.4.0.24248 and o...

CVSS: 5.9 | AI score: 7.5 | EPSS: 0.00166
Exploits: 0 | References: 1

Positive Technologies
added 2024/09/19 12:0 a.m. | 2 views

PT-2024-32791

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58. Description: A security issue has been fixed in the Linux kernel, where the remap_file_pages syscall handler calls do_mmap() directly, which doesn't contain the LSM security check. If the process has called...

CVSS: 7.8 | AI score: 5.3 | EPSS: 0.00004
Exploits: 0

Cvelist
added 2024/09/19 12:0 a.m. | 14 views

CVE-2024-40125

An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint...

EPSS: 0.00352
Exploits: 1 | References: 2

Vulnrichment
added 2024/09/19 12:0 a.m. | 11 views

CVE-2024-40125

An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint...

AI score: 8.1 | EPSS: 0.00352
Exploits: 1 | References: 2

IBM Security Bulletins
added 2024/09/18 7:42 p.m. | 23 views

Security Bulletin: Vulnerabilities in Maven affect IBM watsonx.data

Summary: Apache Maven could allow a remote attacker to either bypass security restrictions or to execute arbitrary commands on the system. These can affect IBM watsonx.data. Vulnerability Details: CVEID: CVE-2021-26291 DESCRIPTION: Apache Maven could allow a remote attacker to bypass security...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.46101
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2024/09/18 4:56 p.m. | 24 views

Security Bulletin: Vulnerability in jackson-databind affects IBM watsonx.data

Summary: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system and could allow a remote attacker to obtain sensitive information. This can affect IBM watsonx.data. Vulnerability Details: CVEID: CVE-2019-12384 DESCRIPTION:...

CVSS: 5.9 | AI score: 8.3 | EPSS: 0.51266
Exploits: 2 | Affected Software: 1

NVD
added 2024/09/18 4:15 a.m. | 17 views

CVE-2024-45679

Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product...

CVSS: 8.4 | EPSS: 0.00087
Exploits: 0 | References: 2