3370 matches found
MAL-2024-9768 Malicious code in plugin-transform-private-methods (npm)
A vulnerability in the user console of the Avanpost IDM system, caused by the use of dangerous methods or functions, allows an attacker to execute arbitrary code.
A vulnerability in the user console of the Avanpost IDM system is related to the use of dangerous methods or functions. Exploiting this vulnerability may allow a malicious actor to execute arbitrary code remotely...
Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2024-734)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-734 advisory. The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses that would return true in their traditional IPv4 forms...
CVE-2024-47877 Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Extract is a Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then upgrading to /v4...
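The symlink escape described in the Extract entry above comes down to trusting the link target in an archive header. The following Go program is an added example, not code from the Extract project or from the advisory: it constructs a small tar archive in memory (test data) and runs a lexical check over every entry that rejects path traversal in the entry name, absolute symlink targets, and relative targets that resolve outside the destination. The destination path and the entry names are invented for the example.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

var errEscape = errors.New("entry escapes extraction directory")

// withinDir reports whether the cleaned path p is dest itself or lies below it.
func withinDir(dest, p string) bool {
	rel, err := filepath.Rel(dest, p)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// checkEntry validates one archive entry against dest and returns the path the
// entry would be written to. Symlink targets are resolved relative to the
// link's own directory; absolute targets and targets leaving dest are refused.
func checkEntry(dest string, hdr *tar.Header) (string, error) {
	dest = filepath.Clean(dest)
	path := filepath.Join(dest, hdr.Name) // Join cleans, so "../" in Name is normalised first
	if !withinDir(dest, path) {
		return "", fmt.Errorf("%w: name %q", errEscape, hdr.Name)
	}
	if hdr.Typeflag == tar.TypeSymlink {
		if filepath.IsAbs(hdr.Linkname) {
			return "", fmt.Errorf("%w: absolute symlink target %q", errEscape, hdr.Linkname)
		}
		target := filepath.Join(filepath.Dir(path), hdr.Linkname)
		if !withinDir(dest, target) {
			return "", fmt.Errorf("%w: symlink %q -> %q", errEscape, hdr.Name, hdr.Linkname)
		}
	}
	return path, nil
}

// buildArchive constructs a small tar archive in memory. The entries are made up
// for this example: two benign ones and three that must be rejected.
func buildArchive() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	entries := []tar.Header{
		{Name: "app/README", Typeflag: tar.TypeReg, Mode: 0o644, Size: 5},
		{Name: "app/current", Typeflag: tar.TypeSymlink, Linkname: "README"},            // stays inside dest
		{Name: "app/escape", Typeflag: tar.TypeSymlink, Linkname: "../../../etc/passwd"}, // relative escape
		{Name: "app/abs", Typeflag: tar.TypeSymlink, Linkname: "/etc/shadow"},           // absolute target
		{Name: "../outside", Typeflag: tar.TypeReg, Mode: 0o644, Size: 0},               // traversal in the name
	}
	for i := range entries {
		h := entries[i]
		if err := tw.WriteHeader(&h); err != nil {
			panic(err)
		}
		if h.Typeflag == tar.TypeReg && h.Size > 0 {
			if _, err := tw.Write([]byte("hello")); err != nil {
				panic(err)
			}
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// scanArchive walks the archive and partitions entry names into those that
// pass checkEntry and those that would be rejected before anything is written.
func scanArchive(dest string, data []byte) (accepted, rejected []string, err error) {
	tr := tar.NewReader(bytes.NewReader(data))
	for {
		hdr, nerr := tr.Next()
		if nerr == io.EOF {
			return accepted, rejected, nil
		}
		if nerr != nil {
			return nil, nil, nerr
		}
		if _, cerr := checkEntry(dest, hdr); cerr != nil {
			rejected = append(rejected, hdr.Name)
			continue
		}
		accepted = append(accepted, hdr.Name)
	}
}

func main() {
	accepted, rejected, err := scanArchive("/srv/extract", buildArchive())
	if err != nil {
		panic(err)
	}
	fmt.Println("accepted:", accepted)
	fmt.Println("rejected:", rejected)
}
```

The check is purely lexical and runs before any filesystem write, which is enough to refuse the three crafted entries above. An extractor that also follows links it created earlier in the same archive should additionally resolve the parent directory with filepath.EvalSymlinks (or, on Go 1.24+, open files through os.Root) before writing.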
golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
A flaw was found in the Go language standard library net/netip. The Is* methods (IsPrivate, IsPublic, etc.) do not behave properly when working with IPv4-mapped IPv6 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to...
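The net/netip entries above describe the failure mode: an address such as ::ffff:10.0.0.1 is the private host 10.0.0.1 written as IPv4-mapped IPv6, and before the fix IsPrivate returned false for it, which lets it slip past an allow-list check. The Go program below is an added example, not code from the Go project or the advisory. It shows the version-independent defensive pattern, calling Unmap() before any Is* classification, inside a hypothetical outbound-request guard (the names isInternal and allowOutbound are assumptions for the example).

```go
package main

import (
	"fmt"
	"net/netip"
)

// isInternal reports whether addr belongs to a range an outbound-request guard
// should refuse: loopback, RFC 1918 / ULA private, link-local, or unspecified.
// It calls Unmap() first so that ::ffff:10.0.0.1 is judged as 10.0.0.1, which
// makes the result independent of whether this toolchain's Is* methods already
// understand IPv4-mapped IPv6 addresses (the CVE-2024-24790 fix).
func isInternal(addr netip.Addr) bool {
	a := addr.Unmap() // no-op for plain IPv4 and for IPv6 addresses that are not mapped
	return a.IsLoopback() || a.IsPrivate() || a.IsLinkLocalUnicast() ||
		a.IsLinkLocalMulticast() || a.IsUnspecified()
}

// allowOutbound is a hypothetical SSRF allow/deny decision for a user-supplied
// destination address; the function name is an assumption for this example.
func allowOutbound(raw string) (bool, error) {
	addr, err := netip.ParseAddr(raw)
	if err != nil {
		return false, err
	}
	return !isInternal(addr), nil
}

func main() {
	// Constructed inputs: the same hosts in plain IPv4 and IPv4-mapped IPv6 form.
	for _, s := range []string{"10.0.0.1", "::ffff:10.0.0.1", "::ffff:127.0.0.1",
		"::ffff:169.254.169.254", "::ffff:8.8.8.8", "2001:db8::1"} {
		addr := netip.MustParseAddr(s)
		// The "direct" columns show the Is* result without Unmap on this toolchain;
		// on affected Go versions they are false for every ::ffff: form listed above.
		fmt.Printf("%-24s direct IsPrivate=%-5v IsLoopback=%-5v  isInternal=%v\n",
			s, addr.IsPrivate(), addr.IsLoopback(), isInternal(addr))
	}
}
```

On a patched toolchain the direct calls and isInternal agree; on an unpatched one only the unmapped check catches the mapped forms, which is why code that classifies addresses from untrusted input should unmap rather than rely on the library version.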
A vulnerability in the RES software service that controls user access to applications and data in Ivanti Workspace Control allows an intruder to escalate their privileges.
A vulnerability in the RES software service that controls user access to applications and data in Ivanti Workspace Control is related to the use of dangerous methods or functions. Exploiting this vulnerability can allow attackers to escalate their privileges...
CVE-2024-47762 Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend
Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, was unexpectedly ignoring the visibility defined in the configuration schema. This occurred even if the configuration schema...
CVE-2024-41290
FlatPress CMS versions 1.3.1 (
Medium: amazon-ssm-agent
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
PT-2024-40589 · Oracle · Java.Base
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash was reported, involving methods in java.base, specifically java.util.Arrays.copyOfRange, java.lang.StringUTF16.newString, and...
PT-2024-29349 · Unknown · Flatpress Cms
Name of the Vulnerable Software and Affected Versions: FlatPress CMS versions 1.3.1 through 1.3 Description: The issue concerns the use of insecure methods to store authentication data via the cookie component. This could potentially lead to unauthorized access. No information is provided about...
Driver Disk for Intel i40e 2.25.11 - For Citrix Hypervisor 8.2 Cumulative Update 1 LTSR
Who should install this driver disk? Customers running the Citrix Hypervisor 8.2 Cumulative Update 1 LTSR release who use Intel's i40e driver and wish to use the latest version of the following:

Driver Module | Driver Type  | Version
--------------|--------------|--------
i40e          | Ethernet/NIC | 2.25.11

Issues resolved in this...
Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
Mass Assigner is a powerful tool designed to identify and exploit mass assignment vulnerabilities in web applications. It achieves this by first retrieving data from a specified request, such as fetching user profile data. Then, it systematically attempts to apply each parameter extracted from th...
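The Mass-Assigner entry above describes the probing technique: fetch an object, then replay it with extra fields to see whether the server binds them. The Go program below is an added example, not code from the Mass-Assigner tool or from any of the listed advisories. It puts a deliberately vulnerable profile-update handler (decodes the whole JSON body into the stored model) beside a hardened one (decodes into an allow-list of editable fields and rejects unknown keys), and drives both with an in-process request the way a scanner would. The User model, the /api/profile route and the field names are invented for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// User is the persisted model. IsAdmin must never be client-controlled.
type User struct {
	ID      int    `json:"id"`
	Name    string `json:"name"`
	Email   string `json:"email"`
	IsAdmin bool   `json:"is_admin"`
}

// vulnerableUpdate decodes the request body straight into the stored model, so
// every field present in the JSON, including is_admin, is written to the store.
func vulnerableUpdate(store *User) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if err := json.NewDecoder(r.Body).Decode(store); err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
		w.WriteHeader(http.StatusNoContent)
	}
}

// hardenedUpdate decodes into a DTO that lists only the user-editable fields and
// rejects unknown keys, so an injected is_admin is refused rather than bound.
func hardenedUpdate(store *User) http.HandlerFunc {
	type profilePatch struct {
		Name  *string `json:"name"`
		Email *string `json:"email"`
	}
	return func(w http.ResponseWriter, r *http.Request) {
		dec := json.NewDecoder(r.Body)
		dec.DisallowUnknownFields()
		var p profilePatch
		if err := dec.Decode(&p); err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
		if p.Name != nil {
			store.Name = *p.Name
		}
		if p.Email != nil {
			store.Email = *p.Email
		}
		w.WriteHeader(http.StatusNoContent)
	}
}

// probe plays the scanner's role: it sends body to a fresh handler built over a
// constructed user record and returns the record afterwards plus the HTTP status.
func probe(build func(*User) http.HandlerFunc, body string) (User, int) {
	u := User{ID: 7, Name: "alice", Email: "alice@example.com"} // constructed profile
	req := httptest.NewRequest(http.MethodPost, "/api/profile", strings.NewReader(body))
	req.Header.Set("Content-Type", "application/json")
	rec := httptest.NewRecorder()
	build(&u).ServeHTTP(rec, req)
	return u, rec.Code
}

func main() {
	// The fetched profile replayed with one extra field, as a mass-assignment probe would send it.
	attack := `{"id":7,"name":"alice","email":"alice@example.com","is_admin":true}`
	u, code := probe(vulnerableUpdate, attack)
	fmt.Printf("vulnerable: status=%d is_admin=%v\n", code, u.IsAdmin)
	u, code = probe(hardenedUpdate, attack)
	fmt.Printf("hardened:   status=%d is_admin=%v\n", code, u.IsAdmin)
}
```

A scanner flags the first handler because the response is a success and the extra field is reflected on the next fetch; the second handler answers 400 to the probe while still accepting a legitimate `{"name":"..."}` patch.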
The vulnerability in the AVG Internet Security antivirus product lies in the use of dangerous methods or functions, which allows attackers to escalate their privileges.
The vulnerability in the AVG Internet Security antivirus product lies in the use of dangerous methods or functions. Exploiting this vulnerability can allow attackers to escalate their privileges...
PT-2025-8696
Name of the Vulnerable Software and Affected Versions: URI gem versions prior to 0.11.3; 0.12.0 through 0.12.3; 0.13.0 through 0.13.1; 1.0.0 through 1.0.2. Description: The URI handling methods URI.join, URI#merge and URI#+ in the URI gem for Ruby have an...
CVE-2024-8268
CVE-2024-8268 affects the Frontend Dashboard WordPress plugin (versions
WordPress plugin Frontend Dashboard code injection vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers running PHP and MySQL. Frontend Dashboard is a WordPress application plugin. A code injection...