Lucene search

6348 matches found

OSV
added 2022/05/31 12:55 p.m. | 8 views

MAL-2022-394 Malicious code in @logistics-frontend/modules (npm)

Source: ghsa-malware (a4cfb4ef58af701fde6a6535d9f669a870e7ef44606fb659eba4368fb835340a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 1

Tenable Nessus
added 2022/05/31 12:0 a.m. | 34 views

Debian DSA-5150-1 : rsyslog - security update

The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5150 advisory. - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This...

CVSS: 8.1 | AI score: 7.5 | EPSS: 0.03821
Exploits: 0 | References: 7

BDU FSTEC
added 2022/05/31 12:0 a.m. | 4 views

The vulnerability of the microprogramming software for the Desigo DXR2, PXC3, PXC4, and PXC5 station modules lies in the absence of authentication attempt limits, allowing an intruder to gain unauthorized access to protected information.

The vulnerability of the microprogramming software for the Desigo DXR2, PXC3, PXC4, and PXC5 station modules is related to the absence of authentication attempt limits. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00826
Exploits: 0 | References: 3 | Affected Software: 4

RedHat Linux
added 2022/05/30 11:19 a.m. | 2 views

rsyslog: Heap-based overflow in TCP syslog server

A flaw was found in rsyslog's reception TCP modules. This flaw allows an attacker to craft a malicious message leading to a heap-based buffer overflow. This issue allows the attacker to corrupt or access data stored in memory, leading to a denial of service in the rsyslog or possible remote code...

CVSS: 8.1 | AI score: 8 | EPSS: 0.03821
Exploits: 0 | References: 5

RedHat Linux
added 2022/05/30 9:5 a.m. | 2 views

rsyslog: Heap-based overflow in TCP syslog server

A flaw was found in rsyslog's reception TCP modules. This flaw allows an attacker to craft a malicious message leading to a heap-based buffer overflow. This issue allows the attacker to corrupt or access data stored in memory, leading to a denial of service in the rsyslog or possible remote code...

CVSS: 8.1 | AI score: 8 | EPSS: 0.03821
Exploits: 0 | References: 5

OSV
added 2022/05/25 7:39 p.m. | 1 views

DRUPAL-CORE-2022-010

Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update which does not affect Drupal core, but may affect some contributed projects or custom code on Drupal sites. We are issuing this security advisory outside...

CVSS: 8.1 | AI score: 7 | EPSS: 0.01239
Exploits: 0 | References: 1

Drupal
added 2022/05/25 12:0 a.m. | 51 views

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-010

Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update which does not affect Drupal core, but may affect some contributed projects or custom code on Drupal sites. We are issuing this security advisory outside...

CVSS: 8.1 | AI score: 0.4 | EPSS: 0.01239
Exploits: 0 | References: 14

vulnersOsv
added 2022/05/24 10:10 p.m. | 6 views

animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +176 more potentially affected by CVE-2022-29201 via tensorflow-gpu (>=1.10.1 <=2.6.3)

tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-29201 Source advisory: OSV:GHSA-PQHM-4WVF-2JG8...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00332
Exploits: 1

vulnersOsv
added 2022/05/24 10:9 p.m. | 8 views

animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +176 more potentially affected by CVE-2022-29199 via tensorflow-gpu (>=1.10.1 <=2.6.3)

tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-29199 Source advisory: OSV:GHSA-P9RC-RMR5-529J...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00317
Exploits: 1

OSV
added 2022/05/24 8:14 p.m. | 39 views

GO-2022-0247 Buffer overflow in WASM modules in misc/wasm and cmd/link

When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments due to a buffer overflow error. If using wasmexec.js to execute WASM modules, users will need to replace their...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.10299
Exploits: 0 | References: 4

IBM Security Bulletins
added 2022/05/24 6:37 p.m. | 48 views

Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-24025 DESCRIPTION: node-sass...

CVSS: 8.6 | AI score: 1 | EPSS: 0.15014
Exploits: 2 | Affected Software: 1

OSV
added 2022/05/24 5:43 p.m. | 22 views

GHSA-XXW3-765M-F37P SaltStack Salt Improper Authentication vulnerability

An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.72945
Exploits: 5 | References: 20

OSV
added 2022/05/24 5:23 p.m. | 13 views

GHSA-H77W-655F-6J3M Silverstripe CMS malicious file upload enables script execution

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions, for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.01837
Exploits: 0 | References: 3

Github Security Blog
added 2022/05/24 5:23 p.m. | 22 views

Silverstripe CMS malicious file upload enables script execution

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions, for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.01837
Exploits: 0 | References: 3 | Affected Software: 1

vulnersOsv
added 2022/05/24 5:0 p.m. | 5 views

azureml-designer-classic-modules (>=0.0.105 <=0.0.112), azureml-designer-core (>=0.0.21 <=0.0.29) +39 more potentially affected by CVE-2019-12410 via pyarrow (>=0.12.0 <=0.15.0)

pyarrow PYPI version =0.12.0, =0.0.105, =0.0.21, =0.0.17, =0.0.36, =0.0.9, =1.0.48.1, =0.1.0, =1.4.2, =3.0.20190405035157, =0.1.0, =0.1.1, =0.1.3 and more Source cves: CVE-2019-12410 Source advisory: OSV:GHSA-CJW4-2W9R-R8MV...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.04711
Exploits: 0

OSV
added 2022/05/24 4:58 p.m. | 3 views

GHSA-PM48-CVV2-29Q5 Ansible Uses Plugins That Disclose Credentials

Ansible, all ansibleengine-2.x versions and ansibleengine-3.x up to ansibleengine-3.5, was logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed i...

CVSS: 8.5 | AI score: 7.1 | EPSS: 0.00509
Exploits: 0 | References: 18

OSV
added 2022/05/24 4:55 p.m. | 19 views

GHSA-MWH9-GR45-XVV4 Mule modules contain Directory Traversal

Directory Traversal in APIkit, http-connector, and OAuth2 Provider modules in Mulesoft 3.x, 4.x and Mulesoft API Gateway all versions released before August 1, 2019 allow remote attackers to read files accessible to the Mule process...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.02998
Exploits: 0 | References: 3

Github Security Blog
added 2022/05/24 4:55 p.m. | 23 views

Mule modules contain Directory Traversal

Directory Traversal in APIkit, http-connector, and OAuth2 Provider modules in Mulesoft 3.x, 4.x and Mulesoft API Gateway all versions released before August 1, 2019 allow remote attackers to read files accessible to the Mule process...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02998
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2022/05/24 4:52 p.m. | 28 views

Magento 2 Community Edition Session Fixation Check

A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.01151
Exploits: 0 | References: 7 | Affected Software: 1

Fedora
added 2022/05/18 1:9 a.m. | 48 views

[SECURITY] Fedora 36 Update: slurm-21.08.8-2.fc36

Slurm is an open source, fault-tolerant, and highly scalable cluster management and job scheduling system for Linux clusters. Components include machine status, partition management, job management, scheduling and accounting modules...

CVSS: 9.8 | AI score: 1.7 | EPSS: 0.02639
Exploits: 0