Lucene search
K

370 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2023/08/21 2:27 a.m.6 views

Malicious code in usaa-mock-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5984159a116b2da397135b921e07673806820b6693fa2e8e3695c1b4aef23de5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2023/08/21 2:27 a.m.15 views

MAL-2023-1528 Malicious code in usaa-mock-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5984159a116b2da397135b921e07673806820b6693fa2e8e3695c1b4aef23de5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/07/31 4:49 a.m.3 views

Malicious code in ory-hydra-mock-oauth2-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 65a839721d0fab0dc481a43bb9cf463966ebf8badc1ed1a9beebdc0724262a94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2023/07/31 4:49 a.m.9 views

MAL-2023-1017 Malicious code in ory-hydra-mock-oauth2-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 65a839721d0fab0dc481a43bb9cf463966ebf8badc1ed1a9beebdc0724262a94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
NVD
NVD
added 2023/07/14 4:15 p.m.29 views

CVE-2023-35692

In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00083EPSS
Exploits0References1
OSV
OSV
added 2023/07/01 12:0 a.m.9 views

PUB-A-275950631

In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7AI score0.00083EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2023/06/22 4:58 p.m.8 views

MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans

A new phishing campaign codenamed MULTISTORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. "The attack chain ends with the victim machine infected with multiple unique RAT remote access trojan malware instances, su...

7.6AI score
Exploits0
OSV
OSV
added 2023/06/15 5:10 a.m.4 views

SUSE-SU-2023:2517-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall bsc1203750. - Fixed unittest.mock.patch.dict returns function when applied to coroutines bsc1211158...

9.8CVSS9.5AI score0.27095EPSS
Exploits3References4
OSV
OSV
added 2023/06/14 12:44 p.m.15 views

SUSE-SU-2023:2509-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall bsc1203750. - Fixed unittest.mock.patch.dict returns function when applied to coroutines bsc1211158...

9.8CVSS9.5AI score0.27095EPSS
Exploits3References4
OSV
OSV
added 2023/06/08 1:54 p.m.7 views

SUSE-SU-2023:2473-1 Security update for python36

This update for python36 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall bsc1203750. - Fixed unittest.mock.patch.dict returns function when applied to coroutines bsc1211158...

9.8CVSS9.5AI score0.27095EPSS
Exploits3References4
Kitploit
Kitploit
added 2023/04/30 12:30 p.m.27 views

Sh4D0Wup - Signing-key Abuse And Update Exploitation Framework

Signing-key abuse and update exploitation framework. % docker run -it --rm ghcr.io/kpcyrd/sh4d0wup:edge -h Usage: sh4d0wup OPTIONS Commands: bait Start a malicious update server front Bind a http/https server but forward everything unmodified infect High level tampering, inject additional command...

7.3AI score
Exploits0References9
vulnersOsv
vulnersOsv
added 2023/03/31 10:44 p.m.6 views

com.intuit.karate:karate-gatling (=1.3.1), com.intuit.karate:karate-junit4 (=1.3.1) +4 more potentially affected by CVE-2023-1370 via com.intuit.karate:karate-core (=1.3.1)

com.intuit.karate:karate-core MAVEN version =1.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on com.intuit.karate:karate-core and may be impacted: - com.intuit.karate:karate-gatling =1.3.1 - com.intuit.karate:karate-junit4 =1.3.1 -...

7.5CVSS6.7AI score0.01119EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2023/03/28 12:0 a.m.3 views

PT-2023-21363 · Databasir · Databasir

Name of the Vulnerable Software and Affected Versions: Databasir version 1.0.7 Description: The issue is related to a remote code execution RCE vulnerability. It can be exploited via the mockDataScript parameter. Recommendations: For Databasir version 1.0.7, consider restricting access to the...

9.8CVSS7.9AI score0.01504EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.7 views

PT-2024-11858 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the raydium i2c send function. This issue occurs when testing the raydium i2c ts with a BPF mock device,...

9.1CVSS6.8AI score0.03702EPSS
Exploits12References1773
Github Security Blog
Github Security Blog
added 2022/09/16 5:42 p.m.50 views

OPA Compiler: Bypass of WithUnsafeBuiltins using "with" keyword to mock functions

Impact The Rego compiler provides a deprecated WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy compilation stage. A bypass of this protection has been found,...

9.8CVSS9.1AI score0.0127EPSS
Exploits1References9Affected Software1
OpenVAS
OpenVAS
added 2022/07/31 12:0 a.m.9 views

Fedora: Security Advisory for golang-github-gojuno-minimock (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
OpenVAS
OpenVAS
added 2022/07/31 12:0 a.m.7 views

Fedora: Security Advisory for golang-github-mock (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2022/07/30 2:0 a.m.13 views

[SECURITY] Fedora 36 Update: golang-github-pact-foundation-1.5.1-7.fc36

Pact Go enables consumer driven contract testing, providing a mock service and DSL for the consumer project, and interaction playback and verification for t he service provider project...

7.3AI score
Exploits0
Fedora
Fedora
added 2022/07/30 1:57 a.m.19 views

[SECURITY] Fedora 36 Update: golang-github-mock-1.6.0-4.fc36

GoMock is a mocking framework for the Go programming language. It integrates well with Go's built-in testing package, but can be used in other contexts to o...

7.2AI score
Exploits0
Fedora
Fedora
added 2022/07/30 1:57 a.m.13 views

[SECURITY] Fedora 36 Update: golang-github-google-martian-3.1.0-10.fc36

Martian Proxy is a programmable HTTP proxy designed to be used for testing. Martian is a great tool to use if you want to: - Verify that all or some subset of requests are secure - Mock external services at the network layer - Inject headers, modify cookies or perform other mutations of HTTP...

7.3AI score
Exploits0
Rows per page
Query Builder