680 matches found
Malicious code in @mp-food/knapsack (npm)
SUSE CVE-2022-49320
In the Linux kernel, the following vulnerability has been resolved: dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type. In zynqmp_dma_alloc/free_chan_resources functions there is a potential overflow in the below expressions. dma_alloc_coherent(chan->dev, (2 * chan->desc_size * ZYNQMP_DMA_NUM_DESC...
CVE-2025-22905
RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp...
EDIMAX RE11S security vulnerability
EDIMAX RE11S is a router from EDIMAX. A security vulnerability exists in EDIMAX RE11S v1.11, which stems from the discovery that the command parameter via /goform/mp contains a command injection vulnerability...
CVE-2025-22905
CVE-2025-22905 affects RE11S v1.11, with a confirmed command injection vulnerability via the command parameter at the endpoint /goform/mp. The vulnerability is described as high-severity (CVSS v3.1: 9.8, Network, no user interaction) and can lead to arbitrary code execution with high impact on c...
CVE-2024-48197
Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface...
AudioCodes MP-202B security vulnerability
The AudioCodes MP-202B is an analog VoIP adapter from AudioCodes Israel. It is used to connect to POTS phones or fax machines. A security vulnerability exists in AudioCodes MP-202B version v.4.4.3, which stems from a cross-site scripting vulnerability that allows remote attackers to elevate...
CVE-2024-48197
Audiocodes MP-202B running v4.4.3 is affected by a Cross Site Scripting (XSS) vulnerability in the web interface login page that can enable a remote attacker to escalate privileges. Root cause: XSS in the login web page. Affected product/version: Audiocodes MP-202b v4.4.3. Impact: privilege escal...
Hewlett Packard Enterprise Alletra Storage MP B10000 security vulnerability
The Hewlett Packard Enterprise (HPE) Alletra Storage MP B10000 is an enterprise-class block storage appliance from Hewlett Packard Enterprise USA. A security vulnerability exists in Hewlett Packard Enterprise Alletra Storage MP B10000 versions prior to 10.4.5, which stems...
gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes
A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemux_parse_theora_extension function. This issue leads to a small amount of memory being allocated to store a large input size,...
A vulnerability in the “mp_apply” application programming interface of the firmware of the Advantech EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO multifunctional wireless access points allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the “mp_apply” application programming interface of the firmware of the Advantech EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO wireless access points exists due to the lack of measures taken to neutralize the special elements used in the operating system...
PT-2024-9479 · Advantech · Advantech Eki-6333Ac-2G +1
Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier; Advantech EKI-6333AC-2GD versions 1.6.3 and earlier; Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier. Description: The issue exists due to the lack of neutralization of special elements us...
Siemens SIPORT MP security vulnerability
SIPORT is a comprehensive, modular and reliable system for access control and time management in the Monitoring Access Suite. An elevation of privilege vulnerability exists in Siemens SIPORT, which can be exploited by a local attacker with an unprivileged account to overwrite or modify the servic...
DEBIAN-CVE-2024-49927
In the Linux kernel, the following vulnerability has been resolved: x86/ioapic: Handle allocation failures gracefully. Breno observed panics when using failslab under certain conditions during runtime: can not alloc irq_pin_list (-1,0,20) Kernel panic - not syncing: IO-APIC: failed to add irq-pin. Can...
AZL-52944 CVE-2024-49927 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: x86/ioapic: Handle allocation failures gracefully. Breno observed panics when using failslab under certain conditions during runtime: can not alloc irq_pin_list (-1,0,20) Kernel panic - not syncing: IO-APIC: failed to add irq-pin. Can...
SUSE CVE-2024-45009
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement add_addr_accepted for MPJ req. Adding the following warning ... WARN_ON_ONCE(msk->pm.add_addr_accepted == 0) ... before decrementing the add_addr_accepted counter helped to find a bug when running the "remove single...