semantic-release: Masked secrets can be disclosed if they contain characters that are excluded from URI encoding
A vulnerability was found in semantic-release. Secrets that are normally masked are accidentally disclosed if they contain characters excluded from URI encoding by encodeURI. The vulnerability is further limited to execution contexts where push access to the related repository is unavailable...
DoS (Denial of Service). External calls can fail accidentally or deliberately, which can cause a DoS condition in the contract.
Lines of code. Vulnerability details. Impact -- Check: calls-loop -- Severity: Medium -- Confidence: Medium. External calls can fail accidentally or deliberately, which can cause a DoS condition in the contract. There are two instances where this can occur. Proof of Concept -- ConsenSys Smart...
simplepush Resource Management Error Vulnerability
simplepush is a mobile application from the German company simplepush. Push notifications can be sent to your device immediately via API or third-party integration. A security vulnerability exists in simplepush that stems from the registration of a fake application using the wrong deviceTokens,...
DoS with block gas limit: External calls inside a loop might lead to a denial-of-service attack.
Lines of code. Vulnerability details. Impact -- Check: calls-loop -- Severity: Medium -- Confidence: Medium. External calls can fail accidentally or deliberately, which can cause a DoS condition in the contract. Proof of Concept -- ConsenSys Smart Contract Best Practices -- Tools Used...
Malicious Package
Overview serverless-push-hasura is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
DoS through large manifest files in Argo CD
Impact: All versions of Argo CD starting with v0.7.0 are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service. The repo-server is a critical component of Argo CD, so crashing the repo-server effectively denies core Argo CD...
Malicious code in mattermost-push-proxy (npm)
Source: ghsa-malware 1b774ab75f216e1837bd470c317d0060733b68b295723d9cb48aec900e0a9abd. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4504 Malicious code in mattermost-push-proxy (npm)
Source: ghsa-malware 1b774ab75f216e1837bd470c317d0060733b68b295723d9cb48aec900e0a9abd. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tinkoff-push-web (npm)
Source: ghsa-malware 100d2e4c7fa6fc1fa8734b39177f7b6a6c93b853ca4a12d6d470768e03df237c. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vc-push-receiver (npm)
Source: ghsa-malware 50bdb9564abfb7a869e4f497f2f86f6def5718f05a91105c4cdde6a86a7665cf. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Generated code can read and write out of bounds in safe code
Code generated by flatbuffers' compiler is unsafe but not marked as such. See https://github.com/google/flatbuffers/issues/6627 for details. All users that use generated code by flatbuffers compiler are recommended to: 1. not expose flatbuffer generated code as part of their public APIs 2. audit...
CVE-2022-31051
A vulnerability was found in semantic-release. Secrets that are normally masked are accidentally disclosed if they contain characters excluded from URI encoding by encodeURI. The vulnerability is further limited to execution contexts where push access to the related repository is unavailable...
GHSA-RWF4-GX62-RQFW `MsQueue` `push`/`pop` use the wrong orderings
Affected versions of this crate use orderings which are too weak to support this data structure. It is likely this has caused memory corruption in the wild:...
WhatsApp accounts hijacked by call forwarding
In a short post on LinkedIn, Rahul Sasi, founder and CEO of CloudSEK, explains how WhatsApp account takeovers are possible. The method consists of several steps and takes some social engineering skills, but it’s good to be aware of the possibility and how it works. It starts with the threat...
CVE-2021-29471
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2, "Push rules" can specify conditions under which they will match, including event_match, which matches event...
org.richfaces:richfaces-push-depchain (=5.0.0.Alpha2) potentially affected by CVE-2014-0086 via org.richfaces:richfaces (=5.0.0.Alpha2)
org.richfaces:richfaces MAVEN version =5.0.0.Alpha2 is affected by a known vulnerability. The following packages have a transitive dependency on org.richfaces:richfaces and may be impacted: - org.richfaces:richfaces-push-depchain =5.0.0.Alpha2 Source cves: CVE-2014-0086 Source advisory:...
JBoss RichFaces Improper Input Validation vulnerability
The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests...
GHSA-XFXV-F945-4QV6 JBoss RichFaces Improper Input Validation vulnerability
The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests...
A vulnerability in Windows Push Notification apps that allows attackers to escalate their privileges.
A vulnerability in Windows Push Notification apps caused by synchronization errors when using shared resources (race conditions). Exploiting this vulnerability can allow attackers to gain elevated privileges...
Mercurial arbitrary code execution vulnerability
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records...