482 matches found
Malicious code in float-kit (npm)
Source: ghsa-malware (16fbe52219de9cd7b8c9f5658b325616af364ff7bc56e5ab012eb702baeed800). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
OPENSUSE-SU-2024:11442-1 texlive-float-2021.186.1.3dsvn15878-45.2 on GA media
These are all security issues fixed in the texlive-float-2021.186.1.3dsvn15878-45.2 package on the GA media of openSUSE Tumbleweed...
WordPress Float menu plugin < 6.0.1 - Menu Deletion via CSRF vulnerability
Menu Deletion via CSRF vulnerability discovered by Erwan LR (WPScan) in WordPress Plugin Float menu (versions < 6.0.1)...
CVE-2024-2405
The Float menu WordPress plugin before 6.0.1 does not have a CSRF check in its bulk actions, which could allow attackers to make a logged-in admin delete an arbitrary menu via a CSRF attack...
CVE-2024-2405 Float menu < 6.0.1 - Menu Deletion via CSRF
The Float menu WordPress plugin before 6.0.1 does not have a CSRF check in its bulk actions, which could allow attackers to make a logged-in admin delete an arbitrary menu via a CSRF attack...
WordPress plugin Float menu security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Float menu Plugin < 6.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Float menu; Type: Plugin; Vulnerable versions: < 6.0.1; Fixed in: 6.0.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-2405; Patch priority: Low; CVSS severity: Low (5.4); PSID: 80605a5ac1fe; Credits: Erwan LR (WPScan); Required...
PT-2024-20254 · WordPress · Float Menu
Name of the Vulnerable Software and Affected Versions: The Float menu WordPress plugin versions prior to 6.0.1 Description: The issue is related to the lack of a CSRF check in the bulk actions of the plugin, which could allow attackers to make logged-in admins delete arbitrary menus via a CSRF...
Float menu < 6.0.1 - Menu Deletion via CSRF
Description: The plugin does not have a CSRF check in its bulk actions, which could allow attackers to make a logged-in admin delete an arbitrary menu via a CSRF attack. PoC: Make a logged-in admin open a page with the code below; this will make them delete the menu with ID 1:...
Float menu < 6.0.1 - Menu Deletion via CSRF
Description: The plugin does not have a CSRF check in its bulk actions, which could allow attackers to make a logged-in admin delete an arbitrary menu via a CSRF attack. Make a logged-in admin open a page with the code below; this will make them delete the menu with ID 1:...
DEBIAN-CVE-2024-28582
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat function when reading images in HDR format...
FreeImage Security Vulnerability
FreeImage is a cross-platform open source library for supporting popular graphic image formats. A security vulnerability exists in FreeImage version v.3.19.0, which stems from a buffer overflow vulnerability. A local attacker can use this vulnerability to execute arbitrary code via the...
BIT-RUBY-2022-28739
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f...
GLSA-202401-27 : Ruby: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-27 Ruby: Multiple vulnerabilities - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header...
UBUNTU-CVE-2023-51103
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_from_float_data of pixmap.c...
PT-2023-9298 · Artifex +2 · Artifex Mupdf +2
Name of the Vulnerable Software and Affected Versions: Artifex MuPDF version 1.23.4. Description: A floating point exception (divide-by-zero) vulnerability was discovered in the function fz_new_pixmap_from_float_data of pixmap.c. This issue is related to a division by zero error. Exploitation of thi...
ruby: Buffer overrun in String-to-Float conversion
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read...
Medium: ruby
Issue Overview: A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read. CVE-2022-28739 Affected...
Medium: ruby
Issue Overview: A double-free vulnerability was found in Ruby. The issue occurs during Regexp compilation. This flaw allows an attacker to create a Regexp object with a crafted source string that could cause the same memory to be freed twice. CVE-2022-28738 A buffer overrun vulnerability was foun...