35 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...
Malicious code in crypto-hash-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 208571de648a5ef9d7b4ae7b6f83151d9c2272f75fc16b42faa75a352ded2e08 Package name and metadata impersonate Sindre Sorhus's legitimate crypto-hash package forged author Sindre Sorhus and repository...
Malicious code in ninja-ssh-proto (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 84f71e430b37d8fe0ee6c72826071159bb146664fe17d9a596f6e611579851f7 During installation or import, package silently adds a new authorized SSH key. It's closely related to the 2026-05-ninja-core-utils campaign, but there is no...
CVE-2019-11697
If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on th...
EUVD-2020-6280
Malware in sbrugna...
EUVD-2020-28011
Malware in sbrugna...
CVE-2020-6869
All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation...
CVE-2020-14121
A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation...
Azure File Sync Agent v16.2 Release - February 2024 (Security-only update)
Azure File Sync Agent v16.2 Release - February 2024 Security-only update This article describes the improvements and issues that are fixed in the Azure File Sync Agent v16.2 release that is dated February 2024. Additionally, this article contains installation instructions for this release...
Security Bulletin: Flexera InstallShield has a security vulnerability that affects Content Manager Enterprise Edition Client for Windows (CVE-2016-2542)
Summary Flexera InstallShield has a security vulnerability that could be exploited in Content Manager Enterprise Edition V8.4.3 Client for Windows. The Content Manager Enterprise Edition V8.4.3 base and fixpack utilizes the Flexera InstallShield. Vulnerability Details CVEID: CVE-2016-2542...
The vulnerability of the Galaxy Store app, related to incorrect default permissions, allows a violator to install apps from the Galaxy Store without interacting with the user.
The vulnerability of the Galaxy Store app is related to incorrect default permissions. Exploiting this vulnerability allows a hacker to install apps from the Galaxy Store without any interaction with the user...
How to silent install workspace app for linux
Silent install workspace app for linux package. Use case: installation for multiple users using a script...
CVE-2020-14121
A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation...
Code injection
A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation...
CVE-2020-14121
The CVE-2020-14121 issue affects Xiaomi Mi App Store. Affected component: the store’s business logic with incomplete product permission checks, allowing bypass and a local silent installation. Root cause: insufficient permission enforcement enables an attacker to install without user-visible prom...
Xiaomi Mi App Store 授权问题漏洞
Xiaomi Mi App Store 小米应用商店 is an application store by the Chinese company Xiaomi. A security vulnerability exists in Xiaomi Mi App Store, which is caused by an incomplete bypassed product permission check and can be exploited by an attacker to perform a local silent installation...
Azure File Sync Agent v14.1 Release - December 2021
Azure File Sync Agent v14.1 Release - December 2021 This article describes the improvements and issues that are fixed in the Azure File Sync Agent v14.1 release that is dated December 2021. Additionally, this article contains installation instructions for this release. Improvements and issues tha...
ZTEMarket APK Information Disclosure Vulnerability
ZTEMarket APK is an application store installer from ZTE Corporation ZTE, China. An information disclosure vulnerability exists in ZTEMarket APK version 10.06 and earlier. An attacker can exploit this vulnerability to obtain a private cookie and perform a silent installation...
CVE-2020-6869
All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation...
Information disclosure
All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation...