15 matches found
GHSA-93JC-VQQC-VVVH Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package
The SignalK appstore interface allows administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugin or webapp, the version parameter accepts arbitrary npm version specifiers including URLs. npm...
CVE-2020-0971
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932,...
CVE-2024-21540
Rejected reason: This issue is not a vulnerability because no real attack scenario can happen...
openSUSE Leap Security Vulnerability
openSUSE Leap is a new openSUSE build and a new hybrid Linux distribution from SUSE Germany. A security vulnerability exists in openSUSE Leap that stems from an attacker's ability to place special files into the actual package source, allowing the attacker to change the victim's osc configuration...
Malicious code in libida (PyPI)
Malicious code in WpfLightToolkit.Net (NuGet)
Malicious code in esqhttpvmurl (PyPI)
Source: checkmarx b110506eaac9840a464a211ec64f23d7fde95b941efb3feb7bec64d23d10aed2 EsqueleSquad group published nearly 6000 malicious PyPI and npm packages, executing spyware and information-stealing malware...
VulnCheck KEV: CVE-2020-1210
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint...
CVE-2022-27360
creationtimestamp | type | source
---|---|---
2022-05-05 22:36:45+00:00 | seen | https://t.me/cibsecurity/42046...
CVE-2020-1576
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint...
Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2020-63731)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...
Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2020-63733)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...
CVE-2017-5188
The bsworker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information...
DEBIAN-CVE-2014-3865
Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a...
Cygwin setup packages spoofing
Package source authenticity is not checked during the installation procedure...