378 matches found

OSV
added 2023/10/05 4:5 p.m. · 15 views

MAL-2023-8299 Malicious code in shopify-sections-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 76d95fb018250029adf8dce0dc777382f9f6d2c30f003fe0fd403723d0efab8d The OpenSSF Package Analysis project identified 'shopify-sections-manager' @ 5.0.9 npm as malicious. It is considered malicious because: - The...

7.1 AI score
Exploits: 0

OSSF Malicious Packages
added 2023/10/05 4:5 p.m. · 2 views

Malicious code in shopify-sections-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 76d95fb018250029adf8dce0dc777382f9f6d2c30f003fe0fd403723d0efab8d The OpenSSF Package Analysis project identified 'shopify-sections-manager' @ 5.0.9 npm as malicious. It is considered malicious because: - The...

6.9 AI score
Exploits: 0

OSV
added 2023/10/04 5:9 p.m. · 3 views

USN-6413-1 binutils vulnerabilities

It was discovered that GNU binutils was not properly performing checks when dealing with memory allocation operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. CVE-2017-1712...

7.8 CVSS · 7 AI score · 0.00426 EPSS
Exploits: 9 · References: 11

Huntr
added 2023/09/15 5:31 p.m. · 16 views

STORED XSS in Journal-> Sections

Description Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XS...

5.8 AI score · 0.0035 EPSS
Exploits: 1 · References: 1

FreeBSD
added 2023/09/12 12:0 a.m. · 32 views

vscode -- VS Code Remote Code Execution Vulnerability

VSCode developers report: Visual Studio Code Remote Code Execution Vulnerability A remote code execution vulnerability exists in VS Code 1.82.0 and earlier versions that working in a maliciously crafted package.json can result in executing commands locally. This scenario would require the attacke...

7.8 CVSS · 7.7 AI score · 0.00247 EPSS
Exploits: 0 · References: 2

OSV
added 2023/05/29 9:11 a.m. · 5 views

USN-6110-1 Jhead vulnerabilities

It was discovered that Jhead did not properly handle certain crafted Canon images when processing them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS...

7.8 CVSS · 6.7 AI score · 0.00476 EPSS
Exploits: 3 · References: 5

OSV
added 2023/05/23 2:23 p.m. · 4 views

USN-6098-1 Jhead vulnerabilities

It was discovered that Jhead did not properly handle certain crafted images while processing the JFIF markers. An attacker could cause Jhead to crash. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. CVE-2019-19035 It was discovered that Jhead did not properly...

7.8 CVSS · 6.7 AI score · 0.00699 EPSS
Exploits: 7 · References: 9

Positive Technologies
added 2023/05/23 12:0 a.m. · 3 views

PT-2023-18893 · Garmin · Ciq Api +1

Name of the Vulnerable Software and Affected Versions: GarminOS TVM component in CIQ API versions 1.0.0 through 4.1.7 Description: The permission system implemented by the GarminOS TVM component can be bypassed entirely, allowing a malicious application with specially crafted code and data sectio...

7.5 CVSS · 6.9 AI score · 0.00536 EPSS
Exploits: 1 · References: 5

RedHat Linux
added 2023/05/22 7:7 a.m. · 2 views

git: arbitrary configuration injection when renaming or deleting a section from a configuration file

A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection...

7.8 CVSS · 7.3 AI score · 0.00618 EPSS
Exploits: 2 · References: 4

SUSE CVE
added 2023/02/15 6:17 a.m. · 7 views

SUSE CVE-2005-3165

Multiple cross-site scripting XSS vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via 1 tags or 2 Extension or sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet...

4.3 CVSS · 5.5 AI score · 0.00268 EPSS
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 5:51 a.m. · 2 views

SUSE CVE-2011-3042

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of table sections...

6.8 CVSS · 9.6 AI score · 0.02363 EPSS
Exploits: 1 · References: 4

SUSE CVE
added 2023/02/15 5:46 a.m. · 1 views

SUSE CVE-2012-2817

Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to tables that have sections...

7.5 CVSS · 9.6 AI score · 0.01461 EPSS
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 5:32 a.m. · 1 views

SUSE CVE-2014-0172

Integer overflow in the checksection function in dwarfbeginelf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a malformed compressed debug section in an ELF...

6.8 CVSS · 8.4 AI score · 0.01832 EPSS
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 5:2 a.m. · 2 views

SUSE CVE-2016-5028

The printframeinstbytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service NULL pointer dereference via an object file with empty bss-like sections...

6.5 CVSS · 6.8 AI score · 0.00562 EPSS
Exploits: 1 · References: 3

SUSE CVE
added 2023/02/15 4:47 a.m. · 2 views

SUSE CVE-2017-7613

elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service memory consumption via a crafted ELF file...

3.3 CVSS · 6.7 AI score · 0.00587 EPSS
Exploits: 1 · References: 62

SUSE CVE
added 2023/02/15 4:45 a.m. · 1 views

SUSE CVE-2017-8393

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHTREL/SHRRELA sections are always named starting with a .rel/.rela prefix. This...

3.3 CVSS · 7.2 AI score · 0.0038 EPSS
Exploits: 0 · References: 8

SUSE CVE
added 2023/02/15 4:9 a.m. · 1 views

SUSE CVE-2019-14295

An Integer overflow in the getElfSections function in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service crash via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory...

5.5 CVSS · 6.2 AI score · 0.00245 EPSS
Exploits: 1 · References: 3

SUSE CVE
added 2023/02/15 4:2 a.m. · 1 views

SUSE CVE-2020-6610

GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in readsectionsmap in decoder2007.c...

6.5 CVSS · 6.5 AI score · 0.00528 EPSS
Exploits: 1 · References: 5

SUSE CVE
added 2023/02/15 3:44 a.m. · 0 views

SUSE CVE-2021-28277

A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c...

7.8 CVSS · 7.6 AI score · 0.00251 EPSS
Exploits: 1 · References: 3

Github Security Blog
added 2023/01/20 10:41 p.m. · 22 views

ELF header parsing library doesn't check for valid offset

The crate has several unsafe sections that don't perform proper pointer validation. An example can be found in the following function: fn sectionheaderraw&self - &ET::SectionHeader let shoff = self.elfheader.sectionheaderoffset as usize; let shnum = self.elfheader.sectionheaderentrynum as usize;...

1.1 AI score
Exploits: 0 · References: 3 · Affected Software: 1