370 matches found
Malicious code in usaa-mock-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5984159a116b2da397135b921e07673806820b6693fa2e8e3695c1b4aef23de5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-1528 Malicious code in usaa-mock-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5984159a116b2da397135b921e07673806820b6693fa2e8e3695c1b4aef23de5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ory-hydra-mock-oauth2-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 65a839721d0fab0dc481a43bb9cf463966ebf8badc1ed1a9beebdc0724262a94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-1017 Malicious code in ory-hydra-mock-oauth2-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 65a839721d0fab0dc481a43bb9cf463966ebf8badc1ed1a9beebdc0724262a94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-35692
In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PUB-A-275950631
In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans
A new phishing campaign codenamed MULTISTORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. "The attack chain ends with the victim machine infected with multiple unique RAT remote access trojan malware instances, su...
SUSE-SU-2023:2517-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall bsc1203750. - Fixed unittest.mock.patch.dict returns function when applied to coroutines bsc1211158...
SUSE-SU-2023:2509-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall bsc1203750. - Fixed unittest.mock.patch.dict returns function when applied to coroutines bsc1211158...
SUSE-SU-2023:2473-1 Security update for python36
This update for python36 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall bsc1203750. - Fixed unittest.mock.patch.dict returns function when applied to coroutines bsc1211158...
Sh4D0Wup - Signing-key Abuse And Update Exploitation Framework
Signing-key abuse and update exploitation framework. % docker run -it --rm ghcr.io/kpcyrd/sh4d0wup:edge -h Usage: sh4d0wup OPTIONS Commands: bait Start a malicious update server front Bind a http/https server but forward everything unmodified infect High level tampering, inject additional command...
com.intuit.karate:karate-gatling (=1.3.1), com.intuit.karate:karate-junit4 (=1.3.1) +4 more potentially affected by CVE-2023-1370 via com.intuit.karate:karate-core (=1.3.1)
com.intuit.karate:karate-core MAVEN version =1.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on com.intuit.karate:karate-core and may be impacted: - com.intuit.karate:karate-gatling =1.3.1 - com.intuit.karate:karate-junit4 =1.3.1 -...
PT-2023-21363 · Databasir · Databasir
Name of the Vulnerable Software and Affected Versions: Databasir version 1.0.7 Description: The issue is related to a remote code execution RCE vulnerability. It can be exploited via the mockDataScript parameter. Recommendations: For Databasir version 1.0.7, consider restricting access to the...
PT-2024-11858 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the raydium i2c send function. This issue occurs when testing the raydium i2c ts with a BPF mock device,...
OPA Compiler: Bypass of WithUnsafeBuiltins using "with" keyword to mock functions
Impact The Rego compiler provides a deprecated WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy compilation stage. A bypass of this protection has been found,...
Fedora: Security Advisory for golang-github-gojuno-minimock (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for golang-github-mock (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: golang-github-pact-foundation-1.5.1-7.fc36
Pact Go enables consumer driven contract testing, providing a mock service and DSL for the consumer project, and interaction playback and verification for t he service provider project...
[SECURITY] Fedora 36 Update: golang-github-mock-1.6.0-4.fc36
GoMock is a mocking framework for the Go programming language. It integrates well with Go's built-in testing package, but can be used in other contexts to o...
[SECURITY] Fedora 36 Update: golang-github-google-martian-3.1.0-10.fc36
Martian Proxy is a programmable HTTP proxy designed to be used for testing. Martian is a great tool to use if you want to: - Verify that all or some subset of requests are secure - Mock external services at the network layer - Inject headers, modify cookies or perform other mutations of HTTP...