366 matches found
Malicious code in sap-aid (npm)
Source: ossf-package-analysis (cafde5225847d941e4af37b18ca5befb5302ebbdc046e32b055d3994a65b99e9). The OpenSSF Package Analysis project identified 'sap-aid' @ 0.0.0 (npm) as malicious. It is considered malicious because: - The package communicat...
Malicious code in sap-agent (npm)
Source: ossf-package-analysis (58420a49ed777d835cee58dafa044a3b2960aae4ff06d85f920dd45618e5f324). The OpenSSF Package Analysis project identified 'sap-agent' @ 0.0.0 (npm) as malicious. It is considered malicious because: - The package...
CVE-2024-34141 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2024-36203
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-36205 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-36200 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-36219 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
ZKsync Era security vulnerability
ZKsync Era is an open source compiler from Matter Labs. A security vulnerability exists in ZKsync Era versions prior to 1.3.10, which stems from checkifaexeculatedlast exposing a bug in the order in which Yul function arguments are evaluated...
CVE-2024-5165 Eclipse Ditto User Interface vulnerable to XSS due to Improper Neutralization of Input
In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several input fields of the Eclipse Ditto Explorer User Interface (https://eclipse.dev/ditto/user-interface.html) was not properly neutralized and thus vulnerable to both Reflected and Stored XSS (Cross Site Scripting). Several inputs were n...
Cross-site Scripting (XSS)
github.com/tiagorlampert/chaos is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the sendCommandHandler function accepting unsanitized input via the output parameter and passing it along to the DOM, which results in a payload being executed by a user sending a request to the...
CVE-2024-29734
Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application...
MAL-2024-1183 Malicious code in teslamotors-server (npm)
Source: ossf-package-analysis (ff47ce37cbaa6b68373ed17ef85fe4403bf2b4865e9ef971a397714d2f7b8cce). The OpenSSF Package Analysis project identified 'teslamotors-server' @ 99.2.0 (npm) as malicious. It is considered malicious because: - The packag...
CVE-2024-0901
Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length...
CVE-2024-0901
CVE-2024-0901 is described as a remote SEGV and out-of-bounds read caused by a malformed packet with the correct length. The primary public entry (NVD) lists this as a high-severity network vulnerability with no user interaction. Connected documents corroborate the issue across multiple advisorie...
CVE-2024-0901 SEGV and out of bounds memory read from malicious packet
Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length...
CVE-2024-26124 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions
Overview: A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that is vulnerable to Spectre v1 is likely affected. An unauthenticated attacker can exploit this...
BIT-MEDIAWIKI-2021-42048
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits...
Attacks, Vulnerabilities and Actors 15 January to 21 January 2024
Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of six executed attacks, two instances of adversary activity, and eight exploited...