39 matches found
Malicious code in use-context-selector-tony (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dde262b1fecc08fe5853c4ec7ada6c3c3746a6e7afb5bd18c33d5adfa03843c This package is a name-squat of the popular use-context-selector library and ships a postinstall script dist/postinstall.js / src/postinstall.js that...
Malicious code in prisma-callback (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aab2820bfb9036995418ba2b36887f8970d7deaa69d8bc4aa24e36266bf18d1 [email protected] is a name-confusion package against the genuine prisma ORM. Its package.json declares "preinstall":...
MAL-2026-3770 Malicious code in prisma-callback (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aab2820bfb9036995418ba2b36887f8970d7deaa69d8bc4aa24e36266bf18d1 [email protected] is a name-confusion package against the genuine prisma ORM. Its package.json declares "preinstall":...
NewStart CGSL MAIN 7.02 : wpa_supplicant Vulnerability (NS-SA-2026-0037)
The remote NewStart CGSL host, running version MAIN 7.02, has wpasupplicant packages installed that are affected by a vulnerability: - The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop...
FrankenPHP's unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FrankenPHP
Summary FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the original path. Because strings.ToLower in Go can increase the...
TencentOS Server 3: compat-openssl10 (TSSA-2025:0443)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0443 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
RLSA-2025:7937 Important: compat-openssl11 security update
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName...
EUVD-2024-55010
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-3288
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to...
Linux Distros Unpatched Vulnerability : CVE-2024-9163
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an...
BIT-GITLAB-2024-9163 User Interface (UI) Misrepresentation of Critical Information in GitLab
A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...
CVE-2024-9163
A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...
CVE-2024-9163
A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...
UBUNTU-CVE-2024-9163
A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...
CVE-2024-9163
GitLab CE/EE (versions 12.1–<17.10.7, 17.11–<17.11.3, 18.0–
CVE-2024-9163 User Interface (UI) Misrepresentation of Critical Information in GitLab
A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...
CVE-2024-9163 User Interface (UI) Misrepresentation of Critical Information in GitLab
A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...
CVE-2024-9163 User Interface (UI) Misrepresentation of Critical Information in GitLab
A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...
CVE-2024-9163
Removed by vendor...
GitLab CE/EE 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE versions prior to 17.10.7, 17.11.3, an...