84 matches found
MAL-2024-7994 Malicious code in theme-bahrain-nb-hddd2c (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c2c4d9f69a68847d94866c5c7615ea8e879f744fe989442fd0e658480480744e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in theme-bahrain-nb-hdddc3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e53da1719f478c46169b284e06518c71ee941c34320a1e6ae4ad97fd77a568a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
New Research: The Proliferation of Cellular in IoT
Researchers explain the trend and argue for deeper understanding Analysis of Cellular Based Internet of Things IoT Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner. In thi...
elf-rss (>=2.5.0 <=2.5.4), gocqapi (>=0.1.3 <=0.1.4) +59 more potentially affected by CVE-2024-21624 via nonebot2 (>=2.0.0a16 <=2.1.3)
nonebot2 PYPI version =2.0.0a16, =2.5.0, =0.1.3, =1.2.0a0, =0.1.0, =0.1.0, =0.1.0, =0.3.4, =0.5.2, =2.0.0, =2.1.0 and more Source cves: CVE-2024-21624 Source advisory: OSV:GHSA-59J8-776V-XXXG...
nb-mail.de Improper Access Control vulnerability OBB-3776913
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nb-care.com Cross Site Scripting vulnerability OBB-3762968
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nb-care.com Cross Site Scripting vulnerability OBB-3586346
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Command injection
A remote command injection issues exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband NB before 1.7.5. As an admin user, an attacker can send a crafted password in order to execute Linux commands as the root user...
SUSE CVE-2022-26126
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isisnbnotifications.c...
@cao_steven/nb-core (=1.0.0), @dcodegroup-au/dsg-vue (>=0.0.17 <=0.0.18) +85 more potentially affected by CVE-2021-4103 via vditor (>=2.3.1 <=3.3.9)
vditor NPM version =2.3.1, =0.0.17, =2.1.5, =2.1.5, =2.1.5, =2.1.5, =2.1.5, =2.1.5, =2.1.5, =0.0.1, =0.0.2, =0.0.1-beta.15, =0.0.1, =0.0.0, =0.0.24 and more Source cves: CVE-2021-4103 Source advisory: OSV:GHSA-CXM3-V4MV-6MH8...
Mageia: Security Advisory (MGASA-2017-0234)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2017-0259)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2021:4063-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
nb-coolbeansafety.com Cross Site Scripting vulnerability OBB-2273766
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
aadetools (>=0.0.3 <=0.0.5), aegea (>=2.0.0 <=2.2.5) +119 more potentially affected by CVE-2021-3572 via pip (>=10.0.0b2 <=21.0.1)
pip PYPI version =10.0.0b2, =0.0.3, =2.0.0, =0.1.2, =0.0.1, =5.1.0, =0.0.1, =0.0.0, =0.0.2, =0.1.0, =0.0.0, =0.1.0.dev1, =0.0.1, =0.0.1, =0.2.3 and more Source cves: CVE-2021-3572 Source advisory: OSV:PYSEC-2021-437...
GHSA-RM4W-6696-R77P nb-connect invalidly assumes the memory layout of std::net::SocketAddr
The nb-connect crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about...
nb-connect invalidly assumes the memory layout of std::net::SocketAddr
The nb-connect crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about...
CVE-2021-27376
An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures...
CVE-2021-27376
An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures...
Information disclosure
An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures...