Malicious code in investing_parameters (RubyGems)
Source: ossf-package-analysis 3fa4a6c4b0b94b2b009c0377390aeee029c2d9024af134c4697f3c8cdfb1f916. The OpenSSF Package Analysis project identified 'investing_parameters' @ 1.2.1 rubygems as malicious. It is considered malicious because: - The...
CVE-2023-5129
| creationtimestamp | type | source |
|---|---|---|
| 2023-09-26 00:34:41+00:00 | seen | https://t.me/cibsecurity/71025 |
| 2023-09-26 17:10:45+00:00 | exploited | https://t.me/BleepingComputer/18310 |
| 2023-09-26 17:23:29+00:00 | exploited | https://t.me/BleepingComputer/18314 |
| 2023-09-27 07:26:11+00:00 | exploited | ... |
Malicious code in tecno-new (npm)
Source: ossf-package-analysis 031d3e0a1576d7fedc52920ce24b349bbcefa4fc7c381855f1bcbdc0b82a4dd6. The OpenSSF Package Analysis project identified 'tecno-new' @ 1.1.2 npm as malicious. It is considered malicious because: - The package...
CVE-2018-0173
| creationtimestamp | type | source |
|---|---|---|
| 2023-06-14 21:10:03+00:00 | seen | MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 |
| 2024-12-24 20:27:56+00:00 | seen | https://feedsin.space/feed/CISAKevBot/items/2971345 |
| 2025-02-23 02:10:17+00:00 | seen | MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 |
| 2026-02-02... | | |
Malicious code in coveo-101-commerce (npm)
Source: ossf-package-analysis fc0cdf6355009bbf0e2512408fb6f96d5c1febe666618b3aece404301afc171f. The OpenSSF Package Analysis project identified 'coveo-101-commerce' @ 3.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in pack-123-new (npm)
Source: ossf-package-analysis 147b1fbc2985e829ebc40869208b16815788e67b83a8670679e6399dd6515755. The OpenSSF Package Analysis project identified 'pack-123-new' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in client-ws-app (npm)
Source: ossf-package-analysis 32231907789db551e533776ab68a4a01f4029a0723291d70d65927559eb647d2. The OpenSSF Package Analysis project identified 'client-ws-app' @ 5.20.20 npm as malicious. It is considered malicious because: - The package...
Malicious code in adityan-pwdd-test (npm)
Source: ossf-package-analysis 674ca0f770a4ea3dd88fa7978e7f082c0baa7b7eaa7f761e364d1c8bccfc3664. The OpenSSF Package Analysis project identified 'adityan-pwdd-test' @ 3.0.8 npm as malicious. It is considered malicious because: - The package...
MAL-2023-1180 Malicious code in falsepositivecheck6969 (npm)
Source: ossf-package-analysis cef392714b654bd14df8ba24c491e8844b54e08fee392bff62632f7f3e5d6fa1. The OpenSSF Package Analysis project identified 'falsepositivecheck6969' @ 9999.9.9 npm as malicious. It is considered malicious because: - The...
Malicious code in @hyperion-util/script-loader (npm)
Source: ossf-package-analysis fabcfd39cc4468aaddf92dd77dc548149fa6f7f8d09de7dc5af550bf8fbc2b81. The OpenSSF Package Analysis project identified '@hyperion-util/script-loader' @ 77.77.79 npm as malicious. It is considered malicious because: ...
CVE-2021-42063
| creationtimestamp | type | source |
|---|---|---|
| 2023-04-27 09:58:59+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-42063.yaml |
| 2023-06-15 16:30:05+00:00 | seen | https://t.me/truesecator/4505 |
| 2024-09-08 06:15:31+00:00 | published-proof-of-concept | ... |
CVE-2023-25814 Arbitrary File Read Vulnerability in metersphere
metersphere is an open source continuous testing platform. In versions prior to 2.7.1, a user who has permission to create a resource file through UI operations is able to append a path to their submission query, which will be read by the system and displayed to the user. This allows users of the...
vmwgfx Driver File Descriptor Handling Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vmwgfx Driver File Descriptor Handling Priv Esc', 'Description' = %q If the vmwgfx driver fails to copy the 'fencerep' object to userland, it tri...
Never Mind the Ears, Here's Security Nation
It's another year down and another season down for Security Nation. With the close of our fifth season, I wanted to take a minute here to reflect on who we spoke with and what we talked about. The show titles focus as you would expect on the individual interview subjects, but there's a bunch of...
Last Year's Open Source - Tomorrow's Vulnerabilities
Linus Torvalds, the creator of Linux and Git, has his own law in software development, and it goes like this: "given enough eyeballs, all bugs are shallow." This phrase puts the finger on the very principle of open source: the more, the merrier - if the code is easily available for anyone and...
CVE-2022-36804
| creationtimestamp | type | source |
|---|---|---|
| 2022-08-27 09:06:15+00:00 | seen | https://t.me/cyberbannewsir/6534 |
| 2022-08-29 11:27:11+00:00 | seen | https://www.cert.at/de/warnungen/2022/8/kritische-sicherheitslucke-in-atlassian-bitbucket-server-and-data-center-updates-verfugbar |
| 2022-08-29... | | |
Pushing Open-Source Security Forward: Insights From Black Hat 2022
Open-source security has been a hot topic in recent years, and it's proven to be something of a double-edged sword. On the one hand, there's an understanding of the potential that open-source tools hold for democratizing security, making industry best practices accessible to more organizations an...
Google Created 'Open Source Maintenance Crew' to Help Secure Critical Projects
Google on Thursday announced the creation of a new "Open Source Maintenance Crew" to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine...
[Security Nation] Jim O’Gorman and g0tmi1k on Kali Linux
In this episode of Security Nation, Jen and Tod sit down with Jim O’Gorman and Ben “g0tmi1k” Wilson of Offensive Security to chat about Kali Linux. They walk our host...
A scanning tool for open-sourced software packages? Yes, please!
The Open Source Security Foundation (OpenSSF), a collective of industry leaders aimed at improving the security of open-source software (OSS), recently announced the release of a prototype tool that scans for malicious packages in open source repositories. This tool, conveniently called Package...