Lucene search
K

62 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in matic-snaps (npm)

The package matic-snaps was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.0 views

MAL-2025-26012 Malicious code in matic-snaps (npm)

The package matic-snaps was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/07/21 9:15 a.m.1 views

CVE-2024-6107

Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps...

9.8CVSS5.7AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/06/11 12:15 p.m.5 views

CVE-2025-49709

Certain canvas operations could have lead to memory corruption. This vulnerability was fixed in Firefox 139.0.4...

9.8CVSS7.3AI score0.0058EPSS
Exploits0References4
OSV
OSV
added 2025/05/01 3:15 p.m.4 views

UBUNTU-CVE-2022-49770

In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it maybe leaving the 'firstrealm' and 'realm' pointing to the same snaprealm memory. And then it'll put it twice and could cause random...

9.2CVSS6.1AI score0.0019EPSS
Exploits0References9
OSV
OSV
added 2025/05/01 2:9 p.m.8 views

CVE-2022-49770 ceph: avoid putting the realm twice when decoding snaps fails

In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it maybe leaving the 'firstrealm' and 'realm' pointing to the same snaprealm memory. And then it'll put it twice and could cause random...

7.8CVSS6AI score0.0019EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/05/01 2:9 p.m.19 views

CVE-2022-49770 ceph: avoid putting the realm twice when decoding snaps fails

In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it maybe leaving the 'firstrealm' and 'realm' pointing to the same snaprealm memory. And then it'll put it twice and could cause random...

0.0019EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.20 views

CVE-2025-27425

Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136...

4.3CVSS5.8AI score0.00215EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/02/06 12:0 a.m.9 views

CVE-2025-1014

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

8.8CVSS7.3AI score0.00376EPSS
Exploits0References11
Hacker One
Hacker One
added 2024/07/03 5:48 p.m.8 views

MetaMask: Missing Line Terminator on allowedOrigins enables origin spoofing

The vulnerability identified by @pkkr was related to the Snaps allowedOrigins functionality, which allows Snap developers to control which origins can interact with certain Snap APIs. Due to a missing regex terminator, the origin control could be bypassed, enabling a malicious domain to access...

7AI score
Exploits0
OSV
OSV
added 2022/12/08 2:41 a.m.7 views

GSD-2022-1007874 ceph: avoid putting the realm twice when decoding snaps fails

ceph: avoid putting the realm twice when decoding snaps fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.81 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2022/06/17 1:11 a.m.25 views

GHSA-G63H-Q855-VP3Q Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users

Impact The /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to be kept in the EdgeX secret store and require authentication to access. This vulnerability bypasses the access controls on message b...

5.9CVSS5.1AI score0.00308EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2022/01/13 3:0 p.m.6 views

@agoric/cosmic-swingset (>=0.10.8 <=0.18.0), @agoric/ertp (>=0.1.4 <=0.4.1) +18 more potentially affected by CVE-2021-23543 via realms-shim (=1.2.2)

realms-shim NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on realms-shim and may be impacted: - @agoric/cosmic-swingset =0.10.8, =0.1.4, =0.0.1, =0.1.1, =0.0.1, =0.0.20, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.4.1, =0.0.6, =0.0.1-alpha2,...

9.8CVSS7.2AI score0.01762EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2021/12/06 11:55 a.m.5 views

@agoric/cosmic-swingset (>=0.10.8 <=0.18.0), @agoric/ertp (>=0.1.4 <=0.4.1) +18 more potentially affected by CVE-2021-23543 via realms-shim (=1.2.2)

realms-shim NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on realms-shim and may be impacted: - @agoric/cosmic-swingset =0.10.8, =0.1.4, =0.0.1, =0.1.1, =0.0.1, =0.0.20, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.4.1, =0.0.6, =0.0.1-alpha2,...

9.8CVSS7.2AI score0.01762EPSS
Exploits1
OSV
OSV
added 2021/11/19 8:55 p.m.13 views

GHSA-6C7M-QWXJ-MVHP Broken encryption in EdgeX Foundry

Summary Broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors. Detailed Description The app-functions-sdk exports an “aes” transform that user scripts can optionally call to encrypt data in th...

5.4CVSS5.3AI score0.00313EPSS
Exploits0References4
OSV
OSV
added 2021/02/10 1:14 a.m.8 views

USN-4728-1 snapd vulnerability

Gilad Reti and Nimrod Stoler discovered that snapd did not correctly specify cgroup delegation when generating systemd service units for various container management snaps. This could allow a local attacker to escalate privileges via access to arbitrary devices of the container host from within a...

9.3CVSS7.4AI score0.00256EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/02/10 12:0 a.m.3 views

PT-2021-11381 · Canonical +1 · Snapd +2

Name of the Vulnerable Software and Affected Versions: snapd affected versions not specified Description: The issue arises when generating systemd service units for the docker snap and similar snaps, as snapd fails to specify Delegate=yes. As a result, systemd moves processes from containers...

9.3CVSS6.6AI score0.00256EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2020/12/04 12:0 a.m.35 views

Ubuntu 16.04 LTS / 18.04 LTS : Snapcraft vulnerability (USN-4661-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4661-1 advisory. It was discovered that Snapcraft includes the current directory when configuring LDLIBRARYPATH for application commands. If a user were tricked into...

6.8CVSS6.6AI score0.00673EPSS
Exploits1References2
OSV
OSV
added 2020/12/03 6:35 p.m.5 views

USN-4661-1 snapcraft vulnerability

It was discovered that Snapcraft includes the current directory when configuring LDLIBRARYPATH for application commands. If a user were tricked into installing a malicious snap or downloading a malicious library, under certain circumstances an attacker could exploit this to affect strict mode sna...

6.8CVSS5.8AI score0.00673EPSS
Exploits1References3
OSV
OSV
added 2019/05/13 4:29 p.m.5 views

CVE-2019-4259

A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011...

5.5CVSS5.7AI score0.00353EPSS
Exploits0References2
Rows per page
Query Builder