12 matches found
MAL-2024-6925 Malicious code in fossa-curl-test (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in fossa-curl-test (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Exploit for Incorrect Authorization in Canonical Ubuntu_Linux
GameOverlay Ubuntu Privilege Escalation CVE-2023-2640...
Malicious code in fossa-dc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc48c6e613a443d6df8f223800c5ddb65bbd98d2a4a436ae5dadc30701be04b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3118 Malicious code in fossa-dc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc48c6e613a443d6df8f223800c5ddb65bbd98d2a4a436ae5dadc30701be04b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in dependency-confusion-fossa-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 33a2da958b0a20fbfec9aa8a6941a5d6e50de3be7b78b6348c23a465b0b9028d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2433 Malicious code in dependency-confusion-fossa-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 33a2da958b0a20fbfec9aa8a6941a5d6e50de3be7b78b6348c23a465b0b9028d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
VLC Player Gets Patched for Two High-Severity Bugs
Maintainers of the popular open-source VLC media player patched two high-severity bugs Friday. The flaws were an out-of-bound write vulnerability and a stack-buffer-overflow bug. Developers behind the software, VideoLAN, said the patches were two of 33 fixes being pushed out to the media player a...
Fixed in Apache Tomcat 9.0.19
Note: The issues below were fixed in Apache Tomcat 9.0.18 but the release vote for the 9.0.18 release candidate did not pass. Therefore, although users must download 9.0.19 to obtain a version that includes a fix for these issues, version 9.0.18 is not included in the list of affected versions...
Fixed in Apache Tomcat 8.5.40
Important: Remote Code Execution on Windows CVE-2019-0232 When running on Windows with enableCmdLineArguments enabled, the CGI Servlet is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. For a...
EU launches Bug Bounty program for 14 free open-source products
By Waqas The European Union EU will be offering bug bounty rewards for the 14 open-source products that it uses. The EU’s Member of Parliament Julia Reda announced that the European Commission will offer bounties worth of €851,000 under its Free and Open Source Software Audit FOSSA. Bug bounty...
EU Offers Bug Bounties For 14 Open Source Projects
The European Commission in January is funding 14 bug bounty programs in hopes of sniffing out vulnerabilities in the free open source projects that EU institutions rely on. The bug bounty programs span 14 open source software projects and offers a total of almost $1 million for all bounties...