31 matches found
@alicloud/cloud-charts (>=0.1.0 <=0.1.10), @alicloud/console-charts (>=0.1.0 <=0.3.0) +140 more potentially affected by unknown CVE via @antv/g2-brush (=0.0.2)
@antv/g2-brush NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g2-brush and may be impacted: - @alicloud/cloud-charts =0.1.0, =0.1.0, =0.0.113, =0.0.113, =0.1.4-beta-3.3, =2.5.1, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5,...
EUVD-2007-0909
Malware in sbrugna...
EUVD-2022-32378
Malicious code in bioql PyPI...
MAL-2025-33433 Malicious code in sls-wallet-orders (npm)
The package sls-wallet-orders was found to contain malicious code...
Malicious code in sls-wallet-orders (npm)
The package sls-wallet-orders was found to contain malicious code...
Malicious code in eslint-plugin-sls-fe-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27d5e8725b356d074bcecc1d1449ec0da5fef9ddc886c9d593dedf52a0d6f245 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11037 Malicious code in eslint-plugin-sls-fe-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27d5e8725b356d074bcecc1d1449ec0da5fef9ddc886c9d593dedf52a0d6f245 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in aliyun-sls_sdk (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in aliyun-sls (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-6578 Malicious code in aliyun-sls (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
SUSE-SU-2023:4389-1 Security update for salt
This update for salt fixes the following issues: Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack bsc1215157 Bugs fixed: - Fix optimizationorder opt to prevent testsuite fails - Improve salt.utils.json.findjson to avoid fails bsc1213293 - Use salt-call from sal...
SUSE-SU-2023:4388-1 Security update for salt
This update for salt fixes the following issues: Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack bsc1215157 Bugs fixed: - Fix optimizationorder opt to prevent testsuite fails - Improve salt.utils.json.findjson to avoid fails bsc1213293 - Use salt-call from sal...
SUSE-SU-2023:4387-1 Security update for salt
This update for salt fixes the following issues: Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack bsc1215157 Bugs fixed: - Fix optimizationorder opt to prevent testsuite fails - Improve salt.utils.json.findjson to avoid fails bsc1213293 - Use salt-call from sal...
SUSE-SU-2023:4386-1 Security update for salt
This update for salt fixes the following issues: Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack bsc1215157 Bugs fixed: - Fix optimizationorder opt to prevent testsuite fails - Improve salt.utils.json.findjson to avoid fails bsc1213293 - Use salt-call from sal...
CVE-2022-27890
It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack wou...
Design/Logic Flaw
It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack wou...
CVE-2022-27890
It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack wou...
CVE-2022-48308
CVE-2022-48308 affects Palantir Sls-logging: the component did not verify hostnames in TLS certificates due to incorrect use of the javax.net.ssl.SSLSocketFactory API. This can enable a network-position attacker to perform a man-in-the-middle attack, intercepting or altering traffic to and from t...
Palantir Trust Management Issue Vulnerability
Palantir is a data platform from Palantir, Inc. that reimagines how people use data by removing the barriers between back-end data management and front-end data analysis. A security vulnerability exists in Palantir Sls-logging prior to version 9.51.0 that originates from an unvalidated hostname i...
CVE-2022-48308
It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack wou...