Malicious code in fini-savion-tra (npm)
Source: amazon-inspector (f5e72b20f945e70d162959d7fc9b812249c334375f9ddba5e1dcceecaa8f0ac6). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tra-arifvauchat-api (npm)
Source: ghsa-malware (a3e26d506f8d993fdc138822a2091a052075e901565d28616ce4c2deebcd6adc). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tra-arifchat-api (npm)
Source: ghsa-malware (6df8135d3cbda7a96a1932a8ca9ee2ca4ec1b8146189b57ac445c860df1e2f6d). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-1443 Malicious code in tra-arifvauchat-api (npm)
Source: ghsa-malware (a3e26d506f8d993fdc138822a2091a052075e901565d28616ce4c2deebcd6adc). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-1442 Malicious code in tra-arifchat-api (npm)
Source: ghsa-malware (6df8135d3cbda7a96a1932a8ca9ee2ca4ec1b8146189b57ac445c860df1e2f6d). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
tra-uk.org Cross Site Scripting vulnerability OBB-2924447
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Unspecified Vulnerability in Siemens Desigo PXC and DXR Devices (CNVD-2022-37374)
Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA (Total Room Automation) applications. The Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...
Fedora 31 : elog (2020-f49fe7f011)
Security fix for CVE-2019-3993, CVE-2019-3994, CVE-2019-3995, CVE-2019-3992, CVE-2019-3996. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possibl...
Fedora 30 : elog (2020-9f8bc040c8)
Security fix for CVE-2019-3993, CVE-2019-3994, CVE-2019-3995, CVE-2019-3992, CVE-2019-3996. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possibl...
NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet)
Exploit Title: NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet); Date: 2018-09-17; Exploit Author: Jacob Baines; Vendor Homepage: https://www.nuuo.com/; Device: NVRMini2; Software Link: https://www.nuuo.com/ProductNode.php?node=2; Versions: 3.8.0 and below; Tested Against: 03.07.0000.0011 a...
HPE LoadRunner < 12.53 Patch 4 libxdrutil.dll mxdr_string() RCE
The version of HP LoadRunner installed on the remote Windows host is prior to 12.53 patch 4. It is, therefore, affected by a remote code execution vulnerability due to a heap-based buffer overflow condition in the mxdr_string() function in libxdrutil.dll. An unauthenticated, remote attacker can...
FreeBSD : jenkins -- remote execution, privilege escalation, XSS, password exposure, ACL hole, DoS (549a2771-49cc-11e4-ae2c-c80aa9043978)
Jenkins Security Advisory: Please reference CVE/URL list for details. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2019 Jacques Vidrine and contributors Redistribution an...
CVE-2014-5656
The TRA Auctions for Buyers (aka com.manheim.tra) application 2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
The TRA Auctions for Buyers (aka com.manheim.tra) application 2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5656
The Android app TRA Auctions for Buyers (com.manheim.tra) version 2.6 does not verify X.509 SSL server certificates, enabling man-in-the-middle attacks to spoof servers and access sensitive information via crafted certificates. This affects confidentiality and integrity (partial) with a CVSS v2 b...
Fedora 16 : libupnp-1.6.18-1.fc16 (2013-1713)
libupnp 1.6.18. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
CVE-2011-0649
TIBCO CVE-2011-0649 affects Rendezvous and Enterprise Message Service components on Unix: Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), Rendezvous Secure Routing Daemon (rvsrd), and EMS Server (tibemsd) across Rendezvous 8.2.1–8.3.0, EMS 5.1.0–6.0.0, TRA 5.6.2–5.7.0, Silver B...
CVE-2010-0184
Summary: CVE-2010-0184 affects the (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility within TIBCO Runtime Agent prior to 5.6.2. The vulnerability is due to weak permissions on domain properties files, which could allow local users to obtain domain administrator creden...
CVE-2008-3338
Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute...