MAL-2024-9169 Malicious code in new-code-script-gt-a-samp-h-a-c-k-down-lo-ad-lkk02y (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb0e96da27fe466eb9fbb7b1a946730e0e27214c53f611814bf4e08d5d9a17e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8751 Malicious code in bwiueor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a58c7ce1a6c1340dfe0646fa5ffe8b5916b1476bd1c511dde3c799c8d93b37d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8403 Malicious code in @diotoborg/libero-asperiores-at (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a35a71aba7a670730ac4f1a5a5536ec8a08d746fafe3ad4077a2397235c7b5a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-7705 Malicious code in flammerxdjson (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f8b6b80199d2f6500f4b47a77309fa995e34a633ea2fa5f5e265d0b1ffb7b085 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-7228 Malicious code in @zitterorg/impedit-ex-praesentium (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a01b2c2c190e9b51f0ad7dd5d279aa1887f4286b8fd0f273f681093968ed6799 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-1652 Malicious code in desain (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 13494704f154bacb5f2fc638287da1fe39acad551f086f8b5957f633ab310553 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-1495 Malicious code in @juiggitea/ut-odit-at (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff9b5a74bede900c4ceff979d81e8f4ed604f8e3a54f9a8a828626cb8299f566 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-1271 Malicious code in web-ar-player (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd6b41d316342a401f8e262adb37d1982a359946c37d5b6dbbf9903eed6c6ea0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-1227 Malicious code in @lbnqduy11805/psychic-waffle (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0283930fe8d814ee74e54a0c5c9840cfb9db19835aeb82c67a360d39407e4132 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-793 Malicious code in wlwz-2312-6902 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8cb741da9a32478639c8b0ef3ca6670d55dc5148725d55b4a7b71dd676c0f6f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-724 Malicious code in wlwz-2312-6105 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbf5abcd25d1d1a85f14ff2a618ccda59dc86b5f7700dfc70493d5b038622949 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-533 Malicious code in wlwz-2312-4003 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8cade04019c93cac90303a5399259e82b8997c3c8f1a87492ac0b131a9086357 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-748 Malicious code in wlwz-2312-6402 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1caadbc8c9239e846f041d8a748fe9f65a969ca73bcef4e3aefded7129ba7f76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

tang security and bug fix update

7-8 - Set correct user/group tang/tang in tangd-keygen Resolves: rhbz2188743 7-7 - Fix race condition when creating/rotating keys Resolves: rhbz2182410 Resolves: CVE-2023-1672...

MAL-2023-1036 Malicious code in hackzvijay (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware baa21bf2e50d46d8e86793d9a3b251a8fa8a72c0d1ca1086e4f68817a48a9d6b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-5670 Malicious code in react-redux-7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1317918bed3a26481cc0f2581c7902fde3cb69f75efdf9ab9f4fc365d5abf451 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-6337 Malicious code in style-componenx (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb248124090511a5f3edf33939c7877e6c001e2305b954ec69b81df52fbd63dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1756 Malicious code in cabelcli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 382a921684a0a041807859f787c6f94bdb42702e85cdbb673a398765e5928122 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

FlyteAdmin Insufficient AccessToken Expiration Check

Impact Authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Using flyteadmin as the OAuth2 Authorization Server is unaffected by this issue. Patches 1.1.30 Workarounds Rotating signing keys immediately will: Invalidate all...

GHSA-QWRJ-9HMP-GPXH FlyteAdmin Insufficient AccessToken Expiration Check

Impact Authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Using flyteadmin as the OAuth2 Authorization Server is unaffected by this issue. Patches 1.1.30 Workarounds Rotating signing keys immediately will: Invalidate all...