21 matches found
MAL-2024-9660 Malicious code in iarna (npm)
MAL-2024-6101 Malicious code in tensor-processor-learning (PyPI)
CGA-9P7V-FWG2-4G8F
Bulletin has no description...
CGA-56RP-538M-2GC6
Bulletin has no description...
CVE-2023-5572 Server-Side Request Forgery (SSRF) in vriteio/vrite
Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0...
CVE-2023-42277
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath...
Code injection in ansible semaphore
An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter...
GHSA-PMHG-CMJC-3875 Ansible Semaphore mishandles authentication
api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication...
GSD-2023-1001479 media: vivid: fix compose size exceed boundary
media: vivid: fix compose size exceed boundary This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...
WP Pipes < 1.4.0 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
GSD-2022-1007844 netfilter: ipset: enforce documented limit to prevent allocating huge memory
netfilter: ipset: enforce documented limit to prevent allocating huge memory This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.8 by commit...
MAL-2022-4464 Malicious code in make-discord-app (npm)
Source: ghsa-malware 52967aaafb09541efff266ef4add48f8dc22272474b7430059b3e44d3602989c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5775 Malicious code in revshell (npm)
Source: ghsa-malware 72eab8f20fa73ec0e788be1ec74500bfd8279edf352f3c5c1839d837e9a68130 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
OSV-2022-243 Heap-buffer-overflow in grk::PacketIter::next_pcrl
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45537 Crash type: Heap-buffer-overflow READ 1 Crash state: grk::PacketIter::next_pcrl grk::T2Decompress::decompressPackets grk::TileProcessor::decompressT2...
UVI-2021-1002022 media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.158 by commit...
GSD-2021-1001878 audit: fix possible null-pointer dereference in audit_filter_rules
audit: fix possible null-pointer dereference in audit_filter_rules This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.15 by commit...
GSD-2021-1000043 net: hso: fix NULL-deref on disconnect regression
net: hso: fix NULL-deref on disconnect regression This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.115 by commit...
Incorrect signature validation
More info at https://simplesamlphp.org/security/201803-01...
CVE-2017-12924
CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1p6 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted fpx image...
CVE-2016-7926
The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print...