Lucene search

10 matches found

OSSF Malicious Packages
added 3 days ago, 7 views

Malicious code in savant-listing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7360e78a5c5d56ea9323cde1f41e33ce8cc6b625034ef82d067bbfeafee60461 [email protected] is a dependency-confusion squat. package.json declares both install and postinstall lifecycle scripts that run curl...

5.5 AI score
Exploits: 0, References: 2
Redos
added 2025/08/22 12:0 a.m., 5 views

ROS-20250822-22

A vulnerability in the PHP programming language interpreter is related to insufficient null byte checking in the implementation of the fsockopen function when handling hostnames. Exploitation of the vulnerability could allow an attacker acting remotely to perform SSRF attacks. A vulnerability in t...

7.5 CVSS, 7 AI score, 0.00772 EPSS
Exploits: 2
Mageia
added 2023/10/13 10:56 p.m., 34 views

Updated the curl packages to fix two security vulnerabilities

curl/libcurl is vulnerable to a heap buffer overflow in its SOCKS5 support that could be exploited by a remote web server when curl is configured to use a SOCKS5 proxy with remote hostname resolution. libcurl is vulnerable to a cookie injection attack where a local attacker can inject cookies int...

9.8 CVSS, 7.6 AI score, 0.2625 EPSS
Exploits: 6, References: 7
NVD
added 2021/11/23 8:15 p.m., 9 views

CVE-2021-41281

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

7.5 CVSS, 0.00545 EPSS
Exploits: 0, References: 5
OSV
added 2021/03/10 11:15 p.m., 21 views

CVE-2020-15260

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is...

6.8 CVSS, 6.6 AI score
Exploits: 0, References: 4
Cvelist
added 2021/03/10 10:30 p.m., 21 views

CVE-2020-15260 Existing TLS connections can be reused without checking remote hostname

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is...

6.8 CVSS, 6.4 AI score, 0.00129 EPSS
Exploits: 0, References: 4
CNNVD
added 2021/03/10 12:0 a.m., 14 views

Sauwming pjproject security vulnerability

Sauwming pjproject is a Sauwming open source application. It combines the signaling protocol SIP with a rich multimedia framework and NAT traversal capabilities into a portable, high-level API for almost all types of systems, from desktops and embedded systems to cell phones. A security...

6.8 CVSS, 7 AI score, 0.00129 EPSS
Exploits: 0, References: 6
securityvulns
added 2006/12/14 12:0 a.m., 35 views

GNOME gdmchooser format string vulnerability

Format string vulnerability in remote hostname...

1.6 AI score
Exploits: 0, References: 1, Affected Software: 1
exploitpack
added 2005/10/03 12:0 a.m., 19 views

Gnome-PTY-Helper UTMP - Hostname Spoofing

Gnome-PTY-Helper UTMP - Hostname Spoofing // source: https://www.securityfocus.com/bid/15004/info 'gnome-pty-helper' is susceptible to a local UTMP hostname spoofing vulnerability. This issue is due to the failure of the application to properly validate user-supplied data prior to using it to...

7.4 AI score
Exploits: 0
Exploit DB
added 2005/10/03 12:0 a.m., 32 views

Gnome-PTY-Helper UTMP - Hostname Spoofing

// source: https://www.securityfocus.com/bid/15004/info 'gnome-pty-helper' is susceptible to a local UTMP hostname spoofing vulnerability. This issue is due to the failure of the application to properly validate user-supplied data prior to using it to update UTMP records. This vulnerability allow...

7.4 AI score
Exploits: 0