30 matches found
Malicious code in stormbreaker-shade (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c845d690b6091601683bf61bdd858e5579c2fd4d33b770806b1bb113e9533f1 The package stormbreaker-shade was found to contain malicious code...
MAL-2026-2392 Malicious code in stormbreaker-shade (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c845d690b6091601683bf61bdd858e5579c2fd4d33b770806b1bb113e9533f1 The package stormbreaker-shade was found to contain malicious code...
SHADE-Arena: Evaluating Sabotage and Monitoring in LLM Agents
As Large Language Models LLMs are increasingly deployed as autonomous agents in complex and long horizon settings, it is critical to evaluate their ability to sabotage users by pursuing hidden objectives. We study the ability of frontier LLMs to evade monitoring and achieve harmful hidden goals...
SUSE-RU-2024:3971-1 Recommended update for mojo-parent
This update for mojo-parent fixes the following issues: xalan-j2 was updated from version 2.7.2 to 2.7.3: - Security issues fixed: CVE-2022-34169: Fixed integer truncation issue when processing malicious XSLT stylesheets bsc1201684 - Changes and Bugs fixed: Java 8 is now the minimum requirement...
Malicious code in Shade.WPF.Controls (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Fedora: Security Advisory for maven-shade-plugin (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: maven-shade-plugin-3.5.1-4.fc40
This plugin provides the capability to package the artifact in an uber-jar, including its dependencies and to shade - i.e. rename - the packages of some of the dependencies. %javadocpackage...
gradle.plugin.org.springframework.cloud:spring-cloud-contract-gradle-plugin (=4.1.0), org.springframework.cloud.contract:org.springframework.cloud.contract.gradle.plugin (=4.1.0) +10 more potentially affected by CVE-2024-22236 via org.springframework.cloud:spring-cloud-contract-shade (=4.1.0)
org.springframework.cloud:spring-cloud-contract-shade MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.cloud:spring-cloud-contract-shade and may be impacted: -...
gradle.plugin.org.springframework.cloud:spring-cloud-contract-gradle-plugin (>=4.0.1 <=4.0.4), org.springframework.cloud.contract:org.springframework.cloud.contract.gradle.plugin (>=4.0.0 <=4.0.4) +10 more potentially affected by CVE-2024-22236 via org.springframework.cloud:spring-cloud-contract-shade (>=4.0.0 <=4.0.4)
org.springframework.cloud:spring-cloud-contract-shade MAVEN version =4.0.0, =4.0.1, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.4 Source cves: CVE-2024-22236 Source advisory: OSV:GHSA-P6RP-MX85-M459...
PT-2024-19288 · Google +1 · Guava +1
Name of the Vulnerable Software and Affected Versions: Spring Cloud Contract versions 3.1.x prior to 3.1.10 Spring Cloud Contract versions 4.0.x prior to 4.0.5 Spring Cloud Contract versions 4.1.x prior to 4.1.1 Description: The issue concerns local information disclosure via a temporary director...
SUSE CVE-2020-21683
A global buffer overflow in the shadeortintnameafterdeclarecolor in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into pstricks format...
CVE-2022-20466
In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...
CVE-2022-20466
In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...
The vulnerability of the `shade_or_tint_name_after_declare_color` function in the `genpstricks.c` component, a utility for converting .fig files with the .fig2dev extension, allows a malicious actor to cause a service failure.
The vulnerability of the shadeortintnameafterdeclarecolor function in the genpstricks.c component, a utility for converting .fig files in the Fig2dev format, involves copying buffers without checking input data. Exploiting this vulnerability allows an attacker to cause service failure by converti...
Shade Threat Actors Call It Quits, Release 750K Encryption Keys
The threat actors behind the Shade ransomware have called it quits, releasing 750,000 encryption keys on GitHub and publicly apologizing to victims affected by the malware. User “shade-team” posted four files on the code repository earlier this week, one containing the file keys and four “ReadMe”...
Threat actors release Troldesh decryption keys
Update: Kaspersky has updated their ShadeDecryptor tool to include decryption for the keys released by "shade team". You can download the tool and find instructions here. A GitHub user claiming to represent the authors of the Troldesh Ransomware calling themselves the “Shade team” published this...
CVE-2016-11027
An issue was discovered on Samsung mobile devices with M6.0 software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The Samsung ID is SVE-2016-7132 December 2016...
Threat Roundup for September 20 to September 27
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 20 and Sept. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Threat Roundup for September 6 to September 13
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 6 and Sept. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...
Shade Ransomware Expands to U.S. Targets
Shade, a ransomware known to target Russian victims, has been spotted in several recent campaigns scoping out new locations – including in the U.S. and Japan. The ransomware, first spotted in late 2014 by Kaspersky Lab researchers, has been known for focusing on Russian victims – but more recent...