4165 matches found
MAL-2022-4562 Malicious code in merlin-products-fetch (npm)
Source: ghsa-malware cc2949d7ccace2a49fa195114fa2ec70249c0da126015d8633f6780145cf0e7e. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in brock-fetch-utils (npm)
Source: ghsa-malware 06927b0ede8157ec71afd11ae6cacba244b713b63cfb70e6a5ae52949cdfc78b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1690 Malicious code in brock-fetch-utils (npm)
Source: ghsa-malware 06927b0ede8157ec71afd11ae6cacba244b713b63cfb70e6a5ae52949cdfc78b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
DOMDig - DOM XSS Scanner For Single Page Applications
DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and can scan single page applications (SPA) recursively. Unlike other scanners, DOMDig can crawl any web application, including Gmail, by keeping track of DOM modifications and XHR/fetch/websocket requests, and it can simulate a...
CVE-2022-31827
MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5 security updates, images, and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.5.0 is now generally available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2022-31796
libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use...
UBUNTU-CVE-2022-31796
libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use...
HTML2WP <= 1.0.0 - Subscriber+ Arbitrary File Deletion
The plugin does not have authorisation and CSRF checks in an AJAX action available to any authenticated user, such as a subscriber, which could allow them to delete arbitrary files. To delete the license.txt at the root of the blog: await...
GHSA-PJ65-3PF6-C5Q4 python-apt Does Not Check Hash Signature
Python-apt doesn't check if hashes are signed in Version.fetchbinary and Version.fetchsource of apt/package.py or in fetcharchives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories, which shouldn't be allowed, and has been fixed in versions 1.9.5...
Like Button Rating < 2.6.45 - Arbitrary e-mail Sending
The plugin allows any logged-in user, such as a subscriber, to send arbitrary e-mails to any recipient, with any subject and body. As a subscriber, run the below command in the web developer console of the browser: fetch("/wp-admin/admin-ajax.php?action=likebtntestvotenotification", "headers":...
CVE-2018-16369
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted PDF file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453...
new packages: perl-File-Fetch
An update is available for perl-File-Fetch. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
GHSA-P5F9-C9J9-G8QX Shell command injection in gitea
Gitea before 1.16.7 does not escape the shell out for git fetch remote, allowing for shell command injection...
Shell command injection in gitea
Gitea before 1.16.7 does not escape the shell out for git fetch remote, allowing for shell command injection...
CVE-2022-30781
Gitea before 1.16.7 does not escape git fetch remote...
Design/Logic Flaw
Gitea before 1.16.7 does not escape git fetch remote...