
487 matches found

OSV
added 2022/05/31 1:24 p.m., 8 views

MAL-2022-4825 Malicious code in next-plugin-normal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a774bb288c6816fa84250343f6d4d0e0e237b278afc1cbe10e3ea47cd7057772 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1
CNNVD
added 2022/05/05 12:0 a.m., 3 views

IBM Robotic Process Automation Security Vulnerability

IBM Robotic Process Automation is a robotic process automation product from IBM Corporation. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation version 21.0.1 is vulnerable to an information disclosure...

CVSS: 6.5, AI score: 5.5, EPSS: 0.00161
Exploits: 0, References: 3
CNNVD
added 2022/04/20 12:0 a.m., 2 views

Shopware Security Vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware, which stems from the fact that the admin-api privilege settings for the sales channel are still available in a normal user session...

CVSS: 8.1, AI score: 7.7, EPSS: 0.00189
Exploits: 0, References: 4
Metasploit
added 2022/04/12 5:42 p.m., 323 views

User Profile Arbitrary Junction Creation Local Privilege Elevation

The user profile service, identified as ProfSrv, is vulnerable to a local privilege elevation vulnerability in its CreateDirectoryJunction function due to a lack of appropriate checks on the directory structure of the junctions it tries to link together. Attackers can leverage this vulnerability ...

CVSS: 7.8, AI score: 8.4, EPSS: 0.23003
Exploits: 2
Microsoft CVE
added 2022/03/19 7:0 a.m., 2 views

Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.

...

CVSS: 7.7, AI score: 6.7, EPSS: 0.00044
Exploits: 1
Cvelist
added 2022/03/16 11:2 p.m., 11 views

CVE-2022-26534

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malicious viewchange packet, will cause normal nodes to change view excessively and stop generating blocks...

AI score: 7.7, EPSS: 0.0028
Exploits: 1, References: 1
OSV
added 2022/03/11 6:15 p.m., 1 view

ALPINE-CVE-2022-0908

Null source pointer passed as an argument to memcpy function within TIFFFetchNormalTag in tifdirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file...

CVSS: 5.5, AI score: 6.7, EPSS: 0.00044
Exploits: 1, References: 1
OSV
added 2022/03/11 6:15 p.m., 1 view

UBUNTU-CVE-2022-0908

Null source pointer passed as an argument to memcpy function within TIFFFetchNormalTag in tifdirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file...

CVSS: 7.7, AI score: 6.7, EPSS: 0.00044
Exploits: 1, References: 7
CNNVD
added 2022/03/10 12:0 a.m., 7 views

Acer Care Center Authorization Issue Vulnerability

Acer Care Center is a system care center from Acer China Acer that allows you to back up or restore your system settings and network drivers to prevent the effects of system failure. Acer Care Center version 4.00.30xx to versions prior to 4.00.3042 A security vulnerability exists that originates...

CVSS: 7.8, AI score: 7.3, EPSS: 0.00029
Exploits: 0, References: 2
CNNVD
added 2022/02/15 12:0 a.m., 2 views

Librenms Information Disclosure Vulnerability

Librenms is a PHP and MySQL based open source network monitoring system from the Librenms community. The system features custom alerts, auto-discovery of network environments and automatic updates. librenms suffers from an information disclosure vulnerability that stems from allowing users with...

CVSS: 7.1, AI score: 5.7, EPSS: 0.00002
Exploits: 1, References: 4
0day.today
added 2022/02/10 12:0 a.m., 236 views

Cain & Abel 4.9.56 - Unquoted Service Path Vulnerability

Exploit Title: Cain & Abel 4.9.56 - Unquoted Service Path Exploit Author: Aryan Chehreghani Software Link: https://www.malavida.com/en/soft/cain-and-abel Version: 4.9.56 Tested on: Windows 10 x64 PoC SERVICENAME: Abel TYPE : 110 WIN32OWNPROCESS interactive STARTTYPE : 2 AUTOSTART ERRORCONTROL : 1...

AI score: 7.4
Exploits: 0
Vulnrichment
added 2022/01/21 6:17 p.m., 5 views

CVE-2021-23236 Fresenius Kabi Agilia Connect Infusion System uncontrolled resource consumption

Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Link+ version 3.0 must be rebooted via a hard reset triggered by pressing a button on the rack system...

CVSS: 7.5, AI score: 7.4, EPSS: 0.00205
Exploits: 0, References: 1
CNNVD
added 2022/01/10 12:0 a.m., 3 views

Enterprise Endpoint Security Code Issue Vulnerability

Check Point Enterprise Endpoint Security is an advanced protection focused on traditional endpoints and modern mobile devices from Check Point Israel. A security vulnerability exists in Enterprise Endpoint Security E86.20 Windows Clients that originates from a user having access to the directory...

CVSS: 7.8, AI score: 7.4, EPSS: 0.00127
Exploits: 1, References: 3
CNNVD
added 2021/12/27 12:0 a.m., 3 views

ZTE Big Video Analysis Product Permissions and Access Control Issue Vulnerability

An elevation of privilege vulnerability exists in ZTE Big Video Analysis Product, a large video analytics product from ZTE Corporation China, which stems from an attacker with normal user privileges gaining unauthorized access to ZTE Big Video Analysis Product due to improper management of timed...

CVSS: 7.8, AI score: 5.5, EPSS: 0.00043
Exploits: 0, References: 2
Imperva Blog
added 2021/12/11 2:31 a.m., 119 views

How We’re Protecting Customers & Staying Ahead of CVE-2021-44228

CVE-2021-44228 is a high profile vulnerability impacting multiple versions of a widely distributed Java software component, Apache Log4j 2. The specific vulnerability allows for unauthenticated remote code execution. For additional technical information, the team at LunaSec has an excellent...

CVSS: 9.3, AI score: 1.3, EPSS: 0.94358
Exploits: 343
OSV
added 2021/11/29 2:38 a.m., 7 views

UVI-2021-1002307 btrfs: fix memory ordering between normal and ordered work functions

btrfs: fix memory ordering between normal and ordered work functions This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.5 by commit...

AI score: 7.2
Exploits: 0
OSV
added 2021/11/29 2:35 a.m., 8 views

UVI-2021-1002257 btrfs: fix memory ordering between normal and ordered work functions

btrfs: fix memory ordering between normal and ordered work functions This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.162 by commit...

AI score: 7.2
Exploits: 0
FreeBSD
added 2021/10/12 12:0 a.m., 23 views

minio -- policy restriction issue

minio developers report: Looks like policy restriction was not working properly for normal users when they are not svc or STS accounts. svc accounts are now properly fixed to get right permissions when its inherited, so we do not have to set 'owner = true' sts accounts have always been using righ...

CVSS: 8.8, AI score: 2.4, EPSS: 0.00126
Exploits: 0, References: 1
CNNVD
added 2021/08/10 12:0 a.m., 3 views

Netgear NETGEAR Security Vulnerability

Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in Netgear NETGEAR that stems from a security misconfiguration in some NETGEAR devices that affects normal...

CVSS: 7.2, AI score: 7, EPSS: 0.0025
Exploits: 0, References: 2
OSV
added 2021/08/09 10:15 a.m., 4 views

CVE-2021-37211

The bulletin function of Flygo does not filter special characters while a new announcement is added. Remote attackers can use the vulnerability with general user’s credential to inject JavaScript and execute stored XSS attacks...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00155
Exploits: 0, References: 1