968 matches found
Malicious code in theme-whale-light (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c40def8d41c4b7ebb0169b850854b2a3cbdbd547e0e5e4ab2294ecf310c1b471 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the Microsoft App Installer, related to bypassing authentication through spoofing, allows attackers to carry out spoofing attacks.
The vulnerability of the Microsoft App Installer relates to the bypassing of authentication processes through spoofing. Exploiting this vulnerability allows a malicious actor to carry out spoofing attacks using a specially created malware package...
OpenWrt Resource Management Error Vulnerability
OpenWrt is a Linux operating system for embedded devices. A security vulnerability exists in libuci in OpenWrt versions prior to 18.06.9 and 19.x series versions prior to 19.07.5, which stems from the possibility of encountering the use of a malware package name after using free. This is related ...
The vulnerability of the “go get” command implementation in the Go programming language allows a perpetrator to execute arbitrary code.
The vulnerability of the “go get” command in the Go programming language is related to insufficient validation of input data insufficient checking of the import path when using the “-u” flag. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially create...
Malicious Package
Overview asset-symlink is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using asset-symlink...
Malicious Package
Overview fluent-plugin-haproxy-stats is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Malicious Package
Overview cinchlogsearch is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using cinchlogsear...
The vulnerability of the implementation of the syntactic analyzer („parser“) for HTTP packets by the LIVE555 RTSP server lies in the stack buffer overflow issue, which allows an attacker to execute arbitrary code.
The vulnerability of the HTTP packet syntax analyzer “parser” implemented by the LIVE555 RTSP server is related to an error that causes stack buffer overflow. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially created malware package...