CVE-2022-40129
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker...
Moderate: Red Hat Security Advisory: OpenShift sandboxed containers 1.3.1 security fix and bug fix update
OpenShift sandboxed containers 1.3.1 is now available. OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers...
Malicious Package
Overview optional-dep-wont-be-found is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...
Malicious code in optional-dep-wont-be-found (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2226cdc4dac73c40bc10584ecdb520dfdf47b568418de61acf37fd8cef42daf5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security update for seamonkey (important)
openSUSE Security Update: Security update for seamonkey Announcement ID: openSUSE-SU-2022:10077-1 Rating: important References: Affected Products: openSUSE Leap 15.3 An update that contains security fixes can now be installed. Description: This update for seamonkey fixes the following issues:...
Malicious code in required-optional (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a2c10107a7d2e81f576a96391fc9bacbe65344d9e13c66115d2ebbc663b6a78 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5757 Malicious code in required-optional (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a2c10107a7d2e81f576a96391fc9bacbe65344d9e13c66115d2ebbc663b6a78 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@bobliao/candle-view (>=0.1.4 <=0.3.8) potentially affected by unknown CVE via plugin-bugfix-v8-spread-parameters-in-optional-chaining (=0.0.1-security)
plugin-bugfix-v8-spread-parameters-in-optional-chaining NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on plugin-bugfix-v8-spread-parameters-in-optional-chaining and may be impacted: - @bobliao/candle-view =0.1.4, =0.3.8 Sourc...
Osinteye - Username Enumeration And Reconnaissance Suite
Username Enumeration And Reconnaissance Suite Supported sites PyPI Github TestPypi About.me Instagram DockerHub Installation Clone project: $ git clone https://github.com/rly0nheart/osinteye.git $ cd osinteye $ pip install -r requirements.txt Usage $ python osinteye --SITENAME USERNAME Or give...
GSD-2022-1001341 drm/panel: ili9341: fix optional regulator handling
drm/panel: ili9341: fix optional regulator handling This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.20 by commit...
Live-Forensicator - PowerShell Script To Aid Incident Response And Live Forensics
Live Forensicator is part of the Black Widow Toolbox; its aim is to assist forensic investigators and incident responders in carrying out a quick live forensic investigation. It achieves this by gathering different system information for further review for anomalous behaviour or unexpected data...
USN-5321-2 firefox vulnerabilities
USN-5321-1 fixed vulnerabilities in Firefox. The update didn't include arm64 because of a regression. This update provides the corresponding update for arm64. This update also removes Yandex and Mail.ru as optional search providers in the drop-down search menu. Original advisory details: Multiple...
HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods
Impact Twisted web servers that utilize the optional HTTP/2 support suffer from the following flow-control related vulnerabilities: Ping flood: https://vulners.com/cve/CVE-2019-9512 Reset flood: https://vulners.com/cve/CVE-2019-9514 Settings flood: https://vulners.com/cve/CVE-2019-9515 A Twisted...
SUSE-SU-2022:0798-1 Security update for SUSE Manager Server 4.1
This update fixes the following issues: c3p0: - Update to version c3p0 0.9.5.5 and mchange-commons-java 0.2.19 Address CVE-2018-20433 Address CVE-2019-5427 - XML-config parsing related attacks bsc1133198 Properly implement the JDBC 4.1 abort method - Build with log4j mapper - Enhanced for RHEL8...
SUSE-SU-2022:0593-1 Security update for SUSE Manager Server 4.2
This update fixes the following issues: c3p0: - Build with log4j mapper dhcpd-formula: - Update to version 0.1.1641480250.d5bd14c make routers option optional hibernate5: - Fix potential SQL injection CVE-2020-25638 bsc1193832 mgr-libmod: - Version 4.2.7-1 require python macros for building...
CLSA-2022-1643918500 Fix of CVE: CVE-2022-23305
CVE-2022-23305: disable JDBCAppender by default. Add optional parameter for enabling it...
CLSA-2022-1643918279 Fixed CVE-2022-23305 in log4j
CVE-2022-23305: disable JDBCAppender by default. Add optional parameter for enabling it...
[SECURITY] Fedora 34 Update: gnome-shell-extensions-40.5-1.fc34
GNOME Shell Extensions is a collection of extensions providing additional and optional functionality to GNOME Shell. Enabled extensions: apps-menu auto-move-windows drive-menu launch-new-instance native-window-placement places-menu screenshot-window-sizer user-theme window-list windowsNavigator...
Denial Of Service (DoS)
libsepol is vulnerable to denial of service. The CIL compiler in SELinux has a heap-based buffer over-read in ebitmap_match_any called indirectly from cil_check_neverallow. This occurs because there is sometimes a lack of checks for invalid statements in an optional block...
libsepol: heap-based buffer overflow in ebitmap_match_any()
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any called indirectly from cil_check_neverallow. This occurs because there is sometimes a lack of checks for invalid statements in an optional block...