MAL-2022-442 Malicious code in @msmg/vue-uid (npm)
Source: ghsa-malware 553b2404d6773b7d0f3548c2b1a5dd2dac7349a45d2cf9e3b6e1ec8a770a112a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2869 Malicious code in ethers-js-snap (npm)
Source: ghsa-malware 0fed39a2c0c5817dd6ae76956a74c435c13481436cac3eb9d117857ad9be21af. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Information Disclosure Via Header Leak
mechanize is vulnerable to information disclosure: a remote, unauthenticated attacker can obtain the Authorization header by redirecting a victim to a different port on the same site...
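The defect above is a same-origin check that compares only the host, so a redirect to another port on that host keeps the Authorization header. The block below is an added example, not mechanize's code: it treats an origin as (scheme, host, port) with default ports normalised, drops credential-bearing headers when a redirect leaves that origin, and walks a constructed redirect chain offline so each hop's header set can be inspected. The URLs, the header values and the `responses` table are made-up sample data.

```python
"""Drop credential-bearing headers when a redirect leaves the original origin.

Added example, not mechanize's code. An origin is (scheme, host, port) with
default ports normalised, so http://example.com/ and http://example.com:80/
are the same site, but http://example.com:8080/ is not.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Headers that must not follow a redirect to another origin.
CREDENTIAL_HEADERS = {"authorization", "cookie"}


def origin(url):
    """(scheme, host, port) of a URL, with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def headers_for_redirect(from_url, to_url, headers):
    """Header set to send on the redirected request."""
    if origin(from_url) == origin(to_url):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in CREDENTIAL_HEADERS}


def follow_redirects(start_url, headers, responses, max_hops=5):
    """Walk a redirect chain, recording (url, sorted header names) per hop.

    `responses` maps a URL to ("redirect", location) or ("ok", body); it
    stands in for the network so the walk runs offline.
    """
    url, sent = start_url, dict(headers)
    log = []
    for _ in range(max_hops):
        log.append((url, sorted(sent)))
        kind, value = responses[url]
        if kind == "ok":
            return log
        sent = headers_for_redirect(url, value, sent)
        url = value
    raise RuntimeError("too many redirects")


# Constructed scenario: the victim fetches an authenticated page and the
# response redirects to the same host on another port, where a listener
# would capture any forwarded credential header.
SAMPLE_RESPONSES = {
    "http://example.com/api": ("redirect", "http://example.com:8080/collect"),
    "http://example.com:8080/collect": ("ok", ""),
}

if __name__ == "__main__":
    hops = follow_redirects(
        "http://example.com/api",
        {"Authorization": "Basic dXNlcjpwYXNz", "Accept": "*/*"},
        SAMPLE_RESPONSES,
    )
    for url, names in hops:
        print(url, names)
```

The second hop receives only `Accept`. Note that a client which re-attaches credentials from its own password store per (host, realm) needs the same origin comparison there; this example only governs headers carried over from the previous request.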
Failed to install VDA due to "Installation of the Citrix AppExperience failed with error code 1612"
Failed to install VDA due to "Installation of the Citrix AppExperience failed with error code 1612" MSI path: C:\WINDOWS\TEMP\Ctx-5CC1B7DD-10C1-4B5B-A4B3-EA564BA32118\Extract\Image-Full\x64\Virtual Desktop Components\WS\IcaAppExpx64.msi...
GHSA-4VR7-M8P8-434H MediaWiki Cross-site Scripting (XSS) vulnerability
In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with javascript:payload xss and turns it into a jQuery object with mw.message.parse. The expected result is that the jQuery object does not contain an tag or it does...
GHSA-22JM-4HXW-35JF OpenStack Nova can leak consoleauth token into log files
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is...
GHSA-C33M-22CR-J9X4 Designate does not enforce the DNS protocol limit concerning record set sizes
Designate does not enforce the DNS protocol limit concerning record set sizes...
Insertion of Sensitive Information into Externally-Accessible File or Directory in Jenkins Credentials Plugin
Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS12 certificate...
cnlh nps vulnerable to file overwrite by local user
lib/install/install.go in cnlh nps prior to 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user...
GHSA-C5WC-V287-82PC HashiCorp Vault improper configuration of multi factor authentication
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3...
GHSA-5CVH-XQHR-5G87 phpBB vulnerability related to use of "forum id" in circumstances related to a "global announcement."
Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement."...
GHSA-G5FX-CCWV-5C4F Caucho Quercus, as distributed in Resin, overwrites entries in SERVER superglobal array on basis of POST parameters
Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors...
GHSA-R326-MP8G-6XFC phpMyAdmin Bypass white-list protection for URL redirection
An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...
GHSA-FX92-WH72-8G9Q Apache Atlas produces Stack trace in error response
Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included a stack trace, exposing excessive information...
GHSA-8XQ7-7HCX-8P8G Apache OpenMeetings Directory Traversal vulnerability
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry...
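The mechanism is the classic "zip slip": an archive entry named with `..` components is joined onto the restore directory and written wherever it resolves. The block below is an added example, not OpenMeetings' code: it resolves every entry against the destination, rejects the whole archive before writing a single byte if any entry would land outside it, and otherwise writes entries as regular files. The two in-memory archives are constructed sample data.

```python
"""Reject ZIP entries that would escape the restore directory (zip slip).

Added example, not OpenMeetings' code. Every entry is resolved against the
destination and the whole archive is rejected, before anything is written,
if any entry would land outside it.
"""
import io
import os
import tempfile
import zipfile


def resolves_inside(dest_dir, member_name):
    """True if `member_name` resolves to a path under `dest_dir`."""
    base = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(base, member_name))
    return target == base or target.startswith(base + os.sep)


def safe_extract(zip_bytes, dest_dir):
    """Extract an archive into dest_dir, or raise ValueError having written nothing."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = zf.infolist()
        for info in members:
            name = info.filename
            # Absolute names, leading separators and any '..' that escapes
            # the destination are all rejected in this first pass.
            if (os.path.isabs(name) or name.startswith(("/", "\\"))
                    or not resolves_inside(dest_dir, name)):
                raise ValueError(f"archive entry escapes destination: {name!r}")
        written = []
        for info in members:
            target = os.path.join(dest_dir, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            # Entries are written as regular files from their content, so a
            # symlink entry cannot redirect a later write either.
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(info.filename)
    return written


def build_backup(entries):
    """Build an in-memory ZIP from {name: content}; constructed test data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


BENIGN_BACKUP = build_backup({"backup/config.xml": "<config/>",
                              "backup/data.csv": "1,2\n"})
# A crafted backup whose second entry climbs out of the restore directory.
CRAFTED_BACKUP = build_backup({"backup/config.xml": "<config/>",
                               "../../outside.txt": "owned"})


def restore(zip_bytes):
    """Restore into a fresh temp dir; ('ok', files) or ('rejected', reason)."""
    dest = tempfile.mkdtemp(prefix="restore-")
    try:
        return "ok", safe_extract(zip_bytes, dest)
    except ValueError as exc:
        return "rejected", str(exc)


if __name__ == "__main__":
    print(restore(BENIGN_BACKUP))
    print(restore(CRAFTED_BACKUP))
```

Validating all entries first and failing closed matters for a backup restore: rejecting only the bad entry would leave a half-restored tree behind, and an attacker who can supply the archive can also order its entries so the damage is done before the rejected one is reached.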
GHSA-86V9-GQH9-8268 Moodle vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube...
Improper Validation of Array Index
The html package (aka x/net/html) through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" (index out of range) in insertionModeStack.pop in node.go, called from inHeadIM, during an html.Parse call...
GSD-2022-1001642 i2c: dev: check return value when calling dev_set_name()
i2c: dev: check return value when calling dev_set_name(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.35 by commit...
WordPress Weblizar Pin It Button On Image Hover And Post plugin <= 3.2 - Arbitrary Settings Update vulnerability
Arbitrary Settings Update vulnerability discovered by Jan w Oleju in WordPress Weblizar Pin It Button On Image Hover And Post plugin versions <= 3.2. Solution: update the WordPress Weblizar Pin It Button On Image Hover And Post plugin to the latest available version, at least 3.4...
Linux CWA2109 - KeyboardLayout=(Server Default) setting not work as expected
KeyboardLayout=(Server Default) in Linux CWA2109 is not working, while Linux CWA2108/2106 is working well...