6348 matches found
Malleability remedied in Salt
Salt Project has fixed a vulnerability in Salt. A malicious person who has a locked user account can still perform actions under privileges of this account. Systems are vulnerable only when PAM authentication is used. Salt Project has released updates to fix the vulnerability fix in Salt 3002.9,...
PYSEC-2022-210
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an...
Malicious Package
Overview @logistics-frontend/modules is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if th...
SaltStack Salt 安全漏洞
SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to 3002.9, prior to 3003.5, and prior to 3004.2, which stems...
EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2022-1926)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container...
Malicious code in lwc-modules-foo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 46d862b5923de09847e190714fa9981eb4f6d65f46e1c7cddbf6f840663d8534 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4429 Malicious code in lwc-modules-foo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 46d862b5923de09847e190714fa9981eb4f6d65f46e1c7cddbf6f840663d8534 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tochka-modules/t15-ui-kit-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 086e63c619a5b6887d4c00c37636d7366887829646ac38d2125202b4f5269d88 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in com.unity.modules.vr (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware caa2a5f7f655d792cae0caf690a3c6670f07134ec8fb5d954fdebc12bdbe1d88 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2096 Malicious code in com.unity.modules.wind (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c4f75a27c15192fe5a518a9ebc7ecc4000597566c16189416ff0ce42740ddd1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2097 Malicious code in com.unity.modules.xr (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware da0715f4c443de1ace746c5feac7e8b6ecef5ca8bcf72e7551e2ac3da0ab9a4e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2092 Malicious code in com.unity.modules.unitywebrequestwww (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f0dae88788735360f7a8d0c54e10a2b3ed56d207895102fe4a57e75f151db8d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in com.unity.modules.vehicles (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 820f2ed0b780d2b72443c67e31b4bea4fc9698583eebe973695607246a3a1a5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in com.unity.modules.video (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9cbc1f29f9ab08321b1916e12ad31e90aabd9c5a724ab115c013a7c8397fc55d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2088 Malicious code in com.unity.modules.unitywebrequest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1ac55d9f0834d6ecc3174b41b467b08e52c6319bf9d6084d620a29e3b836254 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2081 Malicious code in com.unity.modules.terrainphysics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d41f5c7f2124ce5b62037dce6f5ee4719c7c8f26c71c999b43cb276bcb4d992 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in com.unity.modules.uielements (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 261726ab6975430c940d1a7cf47d0aab678a3dad1bc252715adbb0c95b14f2af Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2086 Malicious code in com.unity.modules.umbra (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 028143de47ffc6a595c77b27b5dccb7b193613f13c80f4a3c74eba446ecffd18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in com.unity.modules.physics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c219e6d9f8356b84f53009fdc6a767fed3e5e1283c5e2d2246435da92e8f0bb5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2076 Malicious code in com.unity.modules.physics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c219e6d9f8356b84f53009fdc6a767fed3e5e1283c5e2d2246435da92e8f0bb5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...