Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Malicious code in alita-poke19 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e07a6d211049083640d79acd5ee04fed9c37ba6295c51b3713146ceb7a531b67 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

GHSA-7HRH-V6WP-53VW Evmos allows unvested token delegations

Impact What kind of vulnerability is it? Who is impacted? At the moment, users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount. Patches Has the problem been patched? What versions should users upgrade...

CVE-2024-36892 mm/slub: avoid zeroing outside-object freepointer for single free

In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid zeroing outside-object freepointer for single free Commit 284f17ac13fe "mm/slub: handle bulk and single object freeing separately" splits single and bulk object freeing in two functions slabfree and slabfreebulk...

Exploit for CVE-2023-38646

CVE-2023-38646 - Metabase Pre-auth RCE !Untitled presentatio...

impl `FromMdbValue` for bool is unsound

The implementation of FromMdbValue has several unsoundness issues. First of all, it allows to reinterpret arbitrary bytes as a bool and could make undefined behavior happen with safe function. Secondly, it allows transmuting pointer without taking memory layout into consideration. The details of...

Exploit for Server-Side Request Forgery in Microsoft

CVE-2021-34473 CVE-2021-34473 Microsoft Exchange Server Remote...

Reddit: IDOR to pay less for coin purchases on oauth.reddit.com via /api/v2/gold/paypal/create_coin_purchase_order in `order_id` parameter

Summary: This vulnerability consist of modifying the PayPal transaction ID to buy a big coin pack but paying the small price for it. Impact: The only impact here could be that you don't earn the money you deserve, and users can offer a lot of presents to other users, breaking the magic of the...

Exploit for CVE-2020-1472

Windows NetLogon privilege escalation vulnerability reoccurren...

php:php-fuzz-parser: Crash in _fini

Detailed Report: https://oss-fuzz.com/testcase?key=5630056790228992 Project: php Fuzzing Engine: honggfuzz Fuzz Target: php-fuzz-parser Job Type: honggfuzzasanphp Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x0000012fabd4 Crash State: fini Sanitizer: address ASAN Recommended...

ipfs:ipfs_ds_badger2: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=4913800225751040 Project: ipfs Fuzzing Engine: libFuzzer Fuzz Target: ipfsdsbadger2 Job Type: libfuzzerasanipfs Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000201320 Crash State: NULL Sanitizer: address ASAN Recommended Securi...

envoy:codec_impl_fuzz_test: Stack-use-after-scope in Envoy::Http::Http1::ConnectionImpl::readDisable

Project: https://github.com/envoyproxy/envoy.git Detailed Report: https://oss-fuzz.com/testcase?key=5716313302630400 Project: envoy Fuzzing Engine: afl Fuzz Target: codecimplfuzztest Job Type: aflasanenvoy Platform Id: linux Crash Type: Stack-use-after-scope READ 8 Crash Address: 0x7f5c31653660...

libreoffice:lwpfuzzer: Heap-use-after-free in XFCell::Add

Project: git://anongit.freedesktop.org/libreoffice/core Detailed Report: https://oss-fuzz.com/testcase?key=5072863168299008 Project: libreoffice Fuzzing Engine: afl Fuzz Target: lwpfuzzer Job Type: aflasanlibreoffice Platform Id: linux Crash Type: Heap-use-after-free READ 8 Crash Address:...

ndpi:fuzz_process_packet: Heap-buffer-overflow in ndpi_search_amazon_video

Project: https://github.com/ntop/nDPI.git Detailed Report: https://oss-fuzz.com/testcase?key=5112748036063232 Project: ndpi Fuzzing Engine: afl Fuzz Target: fuzzprocesspacket Job Type: aflasanndpi Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x60a00003d491 Crash State...

libheif:file-fuzzer: Heap-buffer-overflow in ff_hevc_put_hevc_epel_pixels_8_sse

Detailed Report: https://oss-fuzz.com/testcase?key=4818096369434624 Project: libheif Fuzzing Engine: libFuzzer Fuzz Target: file-fuzzer Job Type: libfuzzerasanlibheif Platform Id: linux Crash Type: Heap-buffer-overflow READ 8 Crash Address: 0x61a00001fa80 Crash State: ffhevcputhevcepelpixels8sse...

qpdf:dct_fuzzer: Use-of-uninitialized-value in ycck_cmyk_convert

Project: https://github.com/qpdf/qpdf.git Detailed Report: https://oss-fuzz.com/testcase?key=5646580451639296 Project: qpdf Fuzzing Engine: libFuzzer Fuzz Target: dctfuzzer Job Type: libfuzzermsanqpdf Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...

CVE-2019-18278

When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqtplugin!vlcentrylicense300f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this...

php:php-fuzz-parser: Crash in zend_compile_const

Detailed Report: https://oss-fuzz.com/testcase?key=5682607961931776 Project: php Fuzzing Engine: libFuzzer Fuzz Target: php-fuzz-parser Job Type: libfuzzerubsanphp Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x0008041582b8 Crash State: zendcompileconst zendcompileargs...

aspell/aspell_fuzzer: Heap-buffer-overflow in acommon::find_file

Project: https://github.com/gnuaspell/aspell.git Detailed report: https://oss-fuzz.com/testcase?key=5693958272843776 Project: aspell Fuzzer: aflaspellfuzzer Fuzz target binary: aspellfuzzer Job Type: aflasanaspell Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...

cryptofuzz/cryptofuzz-openssl: Crash in aesni_ecb_encrypt

Project: https://github.com/guidovranken/cryptofuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5638960371466240 Project: cryptofuzz Fuzzer: libFuzzercryptofuzzcryptofuzz-openssl Fuzz target binary: cryptofuzz-openssl Job Type: libfuzzerubsancryptofuzz Platform Id: linux Crash Type:...