14 matches found
Malicious code in chai-web3-testkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc1472c1964a224051ad01d14dabfdfd3ca26d594fff02fb07192f423238691 The package advertises itself as a Web3.js testing toolkit but its content is copied from the legitimate chai-smart-assert library and a malicious...
MAL-2026-5699 Malicious code in chai-web3-testkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc1472c1964a224051ad01d14dabfdfd3ca26d594fff02fb07192f423238691 The package advertises itself as a Web3.js testing toolkit but its content is copied from the legitimate chai-smart-assert library and a malicious...
ai.h2o:h2o-algos (=0.1.9), ai.h2o:h2o-app (=0.1.9) +2025 more potentially affected by CVE-2026-45536 via io.netty:netty-transport-native-kqueue (>=4.1.11.Final <=4.1.134.Final)
io.netty:netty-transport-native-kqueue MAVEN version =4.1.11.Final, =3.30.1.1, =3.10.0.5, =0.2.3.5, =2.4.0, =1.5.0, =3.0.0, =3.0.0, =1.0.3, =4.4.0, =4.7.3 and more Source cves: CVE-2026-45536 Source advisory: OSV:GHSA-W573-9FFJ-6FF9...
net.sc8s:elastic-testkit_2.13 (>=0.102.0 <=0.108.0), org.elasticsearch.plugin:transport-netty4 (>=9.0.0 <=9.1.10) +4 more potentially affected by CVE-2025-37731 via org.elasticsearch:elasticsearch-ssl-config (>=9.0.0-beta1 <=9.1.7)
org.elasticsearch:elasticsearch-ssl-config MAVEN version =9.0.0-beta1, =0.102.0, =9.0.0, =9.0.0, =9.1.4, =9.0.0, =9.0.0, =9.1.10 Source cves: CVE-2025-37731 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-14417579...
BIT-GRADLE-2021-29428 Local privilege escalation through system temporary directory
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
com.typesafe.akka:akka-stream-kafka-cluster-sharding_3 (=4.0.1), com.typesafe.akka:akka-stream-kafka-testkit_3 (=4.0.1) potentially affected by CVE-2023-29471 via com.typesafe.akka:akka-stream-kafka_3 (=4.0.1)
com.typesafe.akka:akka-stream-kafka3 MAVEN version =4.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on com.typesafe.akka:akka-stream-kafka3 and may be impacted: - com.typesafe.akka:akka-stream-kafka-cluster-sharding3 =4.0.1 -...
SUSE CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
Directory traversal
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
CVE-2021-29428 Local privilege escalation through system temporary directory
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
CVE-2021-29428
CVE-2021-29428 affects Gradle before 7.0 on Unix-like systems. The system temporary directory could be created with open permissions, allowing multiple users to create and delete files, enabling local privilege escalation through rapid deletion/recreation of files during a build. Impacted scenari...