14 matches found
MiracleLinux 9 : bubblewrap-0.4.1-8.el9, flatpak-1.12.9-3.el9 (AXSA:2024-9109:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9109:02 advisory. flatpak: Access to files outside sandbox for apps using persistent= (--persist) (CVE-2024-42472). Tenable has extracted the preceding description block directly...
Malicious code in vdous (npm)
Source: amazon-inspector 287389231a3c89843cda42ba76c0357e0f1e933cd479a9e12621a250e7014980 The package vdous was found to contain malicious code. Source: ghsa-malware db289bbb4a097deab7e11457a14affb9e2579bda9632d94fba4110f60b48ae63 Any...
Malicious code in tensor-fi-utils-core (npm)
Source: amazon-inspector 097848a520bc6a7316c011e97b306f4743b5498acdeccea54d5d4a0ab44bdebd The package tensor-fi-utils-core was found to contain malicious code. Source: ghsa-malware...
GNU Mailman Path Traversal Vulnerability
GNU Mailman is a free suite of software for managing email discussions and email lists from the GNU community in the United States. GNU Mailman has a directory traversal vulnerability that results in arbitrary file reads. An attacker could use t...
CVE-2025-30458
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read files outside of its sandbox...
Malicious code in node-tg-bot-api (npm)
Source: ghsa-malware aa25c03f22731cf537fcef307f4a17c8cde7f9e55ec3fbd4e39168cb337ceccd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-54537
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to read and write files outside of its sandbox...
Malicious code in semre (npm)
Source: ghsa-malware 9ecf43dc9cb8760c54597604817ff3405fc66e2908992a7eac5848ddb74da24c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sq-jsith-test-npm-project (npm)
Source: ghsa-malware cd7ef60a25a9c90132094be820194887c51be618dc8d74a3cdb86d9d68f418f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CivetWeb Path Traversal Vulnerability
CivetWeb is an open source, easy-to-use, powerful, C/C++-embeddable web server with optional CGI, SSL, and Lua support. A security vulnerability exists in CivetWeb that stems from a failure of a network system or product to properly filter special elements in a resource or file path. An attacker...
Linksys SMART Wi-Fi Firmware Patches Released
Two versions of popular consumer and small office Linksys routers remain vulnerable to a pair of vulnerabilities recently patched in other models of the Belkin-owned networking gear. Linksys EA2700 and EA3500 routers running Linksys SMART Wi-Fi firmware have yet to be patched against...
Shopex V4.8.4|V4.8.5 arbitrary file download vulnerability - vulnerability warning - the black bar safety net
The use of the premise is to program the application to the database server and if possible even outside, this is critical. Your engage in Station time to meet with the station, online can't find the version of the vulnerability, their own get back to the source to read a bit. Find a loophole, or...
Misc information on News server
This script detects if the NNTP server is open to outside, counts the number of groups, and tries to post outside. This channel may be used by a virus or trojan. OpenVAS Vulnerability Test $Id: nntpinfo.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Misc information on News server Authors:...
Check Point Software Firewall-1 3.0/1 4.0 / Cisco PIX Firewall 4.x/5.x - 'ALG' Client
// source: https://www.securityfocus.com/bid/1045/info A vulnerability exists in the handling of certain rules on many firewalls, that may allow users outside of the firewall to gain limited access to areas behind firewalls. Whereas previous descriptions of attacks of this style were server based...