ASB-A-300741186
In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional execution privileges needed. User interaction is not...
BIT-REVIEWBOARD-2021-31330
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious JavaScript code when using Markdown editing within the application which remains persistent...
Malicious code in wlwz-2312-6802 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d4a48a8fcdb28633f92dd057bc5d3d5d23bde5125b348b9e3b31c97d09bdee12 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-5604 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6963caefff4a061651d4c8afe98aa2ecad2483accb3ff5b65aef1fdecfba5ec0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-4807 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b18e5e39a5429b6581b662603e2cdc68aa4bbf45ccd6bd7b57ab11e59e70b9a4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-4701 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5647e3b4fee9f16ffbe29eb2b149fff29235e592669b9e4aec6ac1de97016a24 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-4501 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 036f5d88d253076aad18f9d87dc4e849029773159ccedf2c1ef7262a7f6bfb60 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-1902 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74c44976276b6a81564e2f0192ec068a9e1f855cdf778ec96739abcf75a5f678 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-1406 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 03eda098bfd8ff06bfbffb6c4597c551d64c94aa280d2746277f582d353a30b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-1502 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b419fbe7b34074ccbdb7a8d3f4ba78e4cf2ce4ec98b0890a6c00bf046cf4287d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-1505 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f2786b0a34c606098989d37d5d7f1e5f8b78e941c421c74891d3bb3bf5da4d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-0105 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c47f5ea7a884813c3a0334369a38c3fc527da728f62f44acf79e2c716f52f3a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ScarCruft Unleashes Tailored Attacks on Cybersecurity Frontlines
Summary: The ScarCruft APT group is actively directing attacks at media organizations and individuals in the realm of threat intelligence. ScarCruft employs persistent tactics, using phishing emails to deliver RokRAT, a custom-designed backdoor. Threat Level - Amber | Attack Report For a detailed...
Authentication flaw
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication such as an encryption key and persists permanently, including after enrollment and setup is complete. The WiF...
CVE-2024-23744
An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions...
ghost-as-middleware (=1.0.0), ghost-blade (=0.1.0) +3 more potentially affected by CVE-2024-23725 via ghost (>=0.11.14 <=1.26.2)
ghost NPM version =0.11.14, =0.1.7, =0.1.10 - persistent-ghost =0.8.2 - sign-alex =1.0.1 Source cves: CVE-2024-23725 Source advisory: OSV:GHSA-FH38-9FGR-454W...
Spring Security 6.3 Adds Passive JDK Serialization/Deserialization for Seamless Upgrades
In the early versions of Spring Security, a deliberate decision was made to avoid providing any guarantee of compatibility for serialized classes via JDK serialization between different versions of the project. This decision primarily took into account the context of RMI, with the recommendation...