Malicious code in @zalastax/nolb-packaged (npm)

The package @zalastax/nolb-packaged was found to contain malicious code...

MAL-2025-12904 Malicious code in @zalastax/nolb-packaged (npm)

The package @zalastax/nolb-packaged was found to contain malicious code...

CVE-2024-22195 affecting package nodejs18 for versions less than 18.20.3-3

CVE-2024-22195 affecting package nodejs18 for versions less than 18.20.3-3. A patched version of the package is available...

[SECURITY] Fedora 40 Update: containers-common-0.58.0-2.fc40

This package contains common configuration files and documentation for contai ner tools ecosystem, such as Podman, Buildah and Skopeo. It is required because the most of configuration files and docs come from pro jects which are vendored into Podman, Buildah, Skopeo, etc. but they are not packag ...

Get-AppLockerEventlog - Script For Fetching Applocker Event Log By Parsing The Win-Event Log

This script will parse all the channels of events from the win-event log to extract all the log relatives to AppLocker. The script will gather all the important pieces of information relative to the events for forensic or threat-hunting purposes, or even in order to troubleshoot. Here are the log...

Moderate: Red Hat Security Advisory: nodejs and nodejs-nodemon security, bug fix, and enhancement update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CakePHP 4.2.11, 4.3.11, and 4.4.10 Released

CakePHP 4.2.11, 4.3.11, and 4.4.10 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 4.2.11, 4.3.11, and 4.4.10. These releases contain a security fix for the limit and offset methods of Cake\Database\Query. If passed unfiltered request data, these methods...

SUSE-SU-2023:0030-1 Security update for tcl

This update for tcl fixes the following issues: - Fixed a race condition in test socket-13.1. - Removed the SQLite extension and use the packaged sqlite3 instead bsc1195773...

RLSA-2022:9073 Moderate: nodejs:16 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages were updated to later upstream versions: nodejs 16.18.1, nodejs-nodemon 2.0.20. Security Fixes: nodejs: Improper handling of URI Subject...

Spring Framework insecurely handles PropertyDescriptor objects with data binding

Overview The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Spring Framework is a Java framework that can be used to create applications such as web applications...

Denial of Service (DoS)

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Denial of Service DoS. Vulnerable version of libxml2 was used. The fix to this updates the vendored libxml2 from v2.9.10 to v2.9.12 which addresses: - CVE-2019-20388 -...

[SECURITY] Fedora 34 Update: containers-common-1-15.fc34

This package contains common configuration files and documentation for cont ainer tools ecosystem, such as Podman, Buildah and Skopeo. It is required because the most of configuration files and docs come from p rojects which are vendored into Podman, Buildah, Skopeo, etc. but they are not pack ag...

Unspecified Vulnerability in Oracle Application Express Packaged Apps component

Oracle Applications Manager is an application management software from Oracle USA. The software provides monitoring, trending, and fault management for Oracle data files. A security vulnerability exists in Oracle Application Express Packaged Apps component prior to version 20.2, which can be...

CVE-2020-14898

Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromis...

CVE-2020-14898

Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromis...

CVE-2020-14898

CVE-2020-14898 affects Oracle Database Server’s Oracle Application Express Packaged Apps (APEX) prior to version 20.2. The issue allows a low-privilege user with a valid account and network access via HTTP to interact with a vulnerable APEX Packaged Apps component, potentially resulting in unauth...

CVE-2020-11931

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue...

Design/Logic Flaw

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue...

Security Bulletin: A vulnerability affects the Cordova platform packaged with Rational Application Developer (CVE-2015-8320)

Summary A vulnerability has been discovered that affects the Cordova platform packaged with Rational Application Developer. Vulnerability Details CVEID: CVE-2015-8320 DESCRIPTION: Apache Cordova Android could allow a remote attacker to bypass security restrictions, caused by weak randomization of...

AppLocker Policy Bypass

Exploit Title: AppLocker 'Packaged App' Installation Policy Bypass Date: 2/1/20 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://microsoft.com Software Link: N/A Version: Windows build 18363.535 and below. Tested on: Windows 10 build 17763.253, 18362.295, 18362.35...