
25 matches found

OSSF Malicious Packages
added 2026/06/17 4:43 a.m., 4 views

Malicious code in metrics-probe-64b2 (npm)

Source: amazon-inspector cae901b673ee21724897f69c782eb2808c55c2722bacc9912a4a3e60f7019883 package.json declares a postinstall hook "postinstall": "node run.js" that executes run.js automatically on every npm install. run.js imports os, fs,...

5.5 AI score
Exploits: 0, References: 2
CNNVD
added 2026/06/09 12:0 a.m., 12 views

Microsoft .NET Link Following Vulnerability

Microsoft .NET is a software framework developed by Microsoft Corporation in the United States. It focuses on agile software development, rapid application development, platform independence, and network transparency. There is a post-release vulnerability in Microsoft .NET. Attackers can exploit...

6.2 CVSS, 5.3 AI score, 0.00388 EPSS
Exploits: 0, References: 2
IBM Security Bulletins
added 2026/05/19 8:1 a.m., 17 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a Denial of Service due to jackson-core (WS-2026-0003)

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS runtime and toolkit are vulnerable to a Denial of Service due to jackson-core. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default:...

5.8 AI score
Exploits: 0, Affected Software: 2
IBM Security Bulletins
added 2026/04/09 5:1 p.m., 11 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to lz4 and Apache Log4j (CVE-2025-12183, CVE-2025-66566 & CVE-2025-68161)

Summary Users of Kafka features in IBM App Connect Enterprise and IBM Integration Bus for z/OS and the jdbcConnector in IBM App Connect Enterprise are vulnerable to multiple vulnerabilities due to lz4 and Apache Log4j. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory...

8.8 CVSS, 6.8 AI score, 0.00743 EPSS
Exploits: 1, Affected Software: 2
CNVD
added 2026/02/11 12:0 a.m., 7 views

IBM Db2 Denial of Service Vulnerability (CNVD-2026-14674)

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that originates from improper neutralization of...

6.5 CVSS, 6.9 AI score, 0.00275 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/04/07 10:15 a.m., 8 views

CVE-2025-21431 Time-of-check Time-of-use (TOCTOU) Race Condition in Automotive OS Platform

Information disclosure may be there when a guest VM is connected...

5.5 CVSS, 7 AI score, 0.00063 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/03/03 10:7 a.m., 11 views

CVE-2024-53030 Improper Input Validation in Automotive OS Platform

Memory corruption while processing input message passed from FE driver...

7.8 CVSS, 0.00115 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/03/03 10:7 a.m., 9 views

CVE-2024-53022 Improper Input Validation in Automotive OS Platform

Memory corruption may occur during communication between primary and guest VM...

7.8 CVSS, 0.00115 EPSS
Exploits: 0, References: 1
CVE
added 2025/01/06 10:33 a.m., 60 views

CVE-2024-43064

CVE-2024-43064 concerns Qualcomm chipsets where uncontrolled resource consumption occurs when a driver, an application, or an SMMU client accesses the global registers through the SMMU. The CVE is associated with high availability impact (NVD metrics show Availability Impact = High) and elevated ...

7.5 CVSS, 7.5 AI score, 0.00084 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2024/12/07 12:0 a.m., 2 views

IBM Db2 Security Vulnerability

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that originates from improper memory allocation...

6.5 CVSS, 6.6 AI score, 0.00373 EPSS
Exploits: 0, References: 1
CNNVD
added 2023/12/05 12:0 a.m., 4 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome prior to 120.0.6099.62 Linux, Mac, 120.0.6099.62/.63 Windows, which stems from a post-release reuse issue in Side Panel Search...

8.8 CVSS, 8.6 AI score, 0.00993 EPSS
Exploits: 0, References: 6
Android Security Bulletins
added 2023/10/02 12:0 a.m., 65 views

Android Security Bulletin—October 2023

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2023-10-06 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

10 CVSS, 7.3 AI score, 0.99739 EPSS
Exploits: 10
Android Security Bulletins
added 2023/08/07 12:0 a.m., 115 views

Android Security Bulletin—August 2023

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2023-08-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

9.8 CVSS, 7.3 AI score, 0.01032 EPSS
Exploits: 0
OSV
added 2023/01/10 8:15 p.m., 0 views

DEBIAN-CVE-2023-0137

Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8 CVSS, 8.4 AI score, 0.00503 EPSS
Exploits: 0, References: 1
The Hacker News
added 2021/03/25 9:50 a.m., 4 views

Critical Cisco Jabber Bug Could Let Attackers Hack Remote Systems

Cisco on Wednesday released software updates to address multiple vulnerabilities affecting its Jabber messaging clients across Windows, macOS, Android, and iOS. Successful exploitation of the flaws could permit an "attacker to execute arbitrary programs on the underlying operating system with...

9.9 CVSS, 7.5 AI score, 0.01382 EPSS
Exploits: 0
CNVD
added 2020/07/02 12:0 a.m., 2 views

Unspecified Vulnerability in IBM DB2

IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM DB2. An attacker can exploit the vulnerability to cause a denia...

7.5 CVSS, 8.4 AI score, 0.0241 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2016/07/13 6:22 p.m., 4 views

flash-plugin: multiple code execution issues fixed in APSB16-25

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172,...

9.3 CVSS, 7.7 AI score, 0.20475 EPSS
Exploits: 8, References: 5
OSV
added 2016/07/13 2:0 a.m., 2 views

CVE-2016-4230

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174,...

8.8 CVSS, 6.1 AI score, 0.32226 EPSS
Exploits: 2, References: 11
OSV
added 2016/07/13 1:59 a.m., 2 views

CVE-2016-4175

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172,...

8.8 CVSS, 6.1 AI score
Exploits: 0, References: 8
OSV
added 2016/04/09 1:59 a.m., 2 views

CVE-2016-1032

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012,...

8.8 CVSS, 6.1 AI score
Exploits: 0, References: 6