
2137 matches found

OSSF Malicious Packages
added 2024/06/12 4:18 a.m., 2 views

Malicious code in blueprint-org-planning-app-adp-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ce904784ecde9ca4b860730c45d27dbca01912380066fe5415b10d3f17f0af8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 3
IBM Security Bulletins
added 2024/06/11 5:39 p.m., 30 views

Security Bulletin: IBM® Db2® federated server is affected by vulnerabilities in the open source commons-configuration2 library. (CVE-2024-29131, CVE-2024-29133)

Summary: IBM® Db2® federated server is affected by vulnerabilities in the open source commons-configuration2 library when using the NoSQL Hadoop wrapper. Vulnerability Details: CVEID: CVE-2024-29131 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on...

7.3 CVSS, 7.6 AI score, 0.00997 EPSS
Exploits 0, Affected Software 1
OSSF Malicious Packages
added 2024/06/11 7:55 a.m., 3 views

Malicious code in portfolio-organism-adp-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 41eb756462a90039b0df22968214c17f7b6bbf6a4aaf0db84da2266a6e33813d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 3
OSV
added 2024/06/11 7:55 a.m., 13 views

MAL-2024-1584 Malicious code in portfolio-organism-adp-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 41eb756462a90039b0df22968214c17f7b6bbf6a4aaf0db84da2266a6e33813d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 3
NVD
added 2024/06/10 10:15 p.m., 11 views

CVE-2024-37169

@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses Playwright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...

5.3 CVSS, 0.00352 EPSS
Exploits 0, References 5
Cvelist
added 2024/06/10 9:35 p.m., 31 views

CVE-2024-37169 @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper

@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses Playwright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...

5.3 CVSS, 0.00352 EPSS
Exploits 0, References 5
Vulnrichment
added 2024/06/10 9:35 p.m., 7 views

CVE-2024-37169 @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper

@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses Playwright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...

5.3 CVSS, 6.8 AI score, 0.00352 EPSS
Exploits 0, References 5
OSV
added 2024/06/10 9:35 p.m., 8 views

CVE-2024-37169 @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper

@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses Playwright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...

5.3 CVSS, 6.8 AI score, 0.00352 EPSS
Exploits 0, References 7
CNNVD
added 2024/06/10 12:0 a.m., 1 views

URL to PNG Security Vulnerability

URL to PNG is an application by Jason Raimondi Personal Developer. A security vulnerability exists in URL to PNG prior to version 2.0.3, which originates from the ability to read arbitrary files via a file wrapper via Playwright's screenshot feature...

5.3 CVSS, 6.7 AI score, 0.00352 EPSS
Exploits 0, References 6
Patchstack
added 2024/06/08 12:0 a.m., 2 views

Joomla core 3.0.0-3.10.15-elts,4.0.0-4.4.5,5.0.0-5.1.1 - Unauthenticated XSS in Wrapper extensions vulnerability

Unauthenticated XSS in Wrapper extensions vulnerability discovered by ? in WordPress Core Joomla versions 3.0.0-3.10.15-elts,4.0.0-4.4.5,5.0.0-5.1.1...

6.1 CVSS, 6.4 AI score, 0.00028 EPSS
Exploits 0, References 1, Affected Software 1
Joomla! Vulnerable Extensions List
added 2024/06/08 12:0 a.m., 17 views

[20240704] - Core - XSS in Wrapper extensions

The wrapper extensions do not correctly validate inputs, leading to XSS vectors...

6.1 CVSS, 5.8 AI score, 0.00028 EPSS
Exploits 0, Affected Software 1
OSV
added 2024/06/05 1:29 p.m., 10 views

GHSA-665W-MWRR-77Q3 Arbitrary file read via Playwright's screenshot feature exploiting file wrapper

Impact: All users of url-to-png. Please see https://github.com/jasonraimondi/url-to-png/issues/47 Patches: v2.0.3 requires input url to be of protocol http or https. Workarounds: Requires upgrade. References: - https://github.com/jasonraimondi/url-to-png/issues/47 -...

5.3 CVSS, 5.2 AI score, 0.00352 EPSS
Exploits 0, References 7
SUSE CVE
added 2024/05/23 3:5 a.m., 1 views

SUSE CVE-2021-47253

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hw_init. Why: On resume we perform DMUB hw_init which allocates memory: dm_resume -> dm_dmub_hw_init -> dc_dmub_srv_create -> kzalloc. That results in memory leak in suspend/resume scenarios. How...

3.3 CVSS, 6.5 AI score, 0.00018 EPSS
Exploits 0, References 5
RedHat Linux
added 2024/05/22 10:9 a.m., 5 views

traceroute: improper command line parsing

A vulnerability was found in traceroute. This security issue is caused by wrapper scripts that do not properly parse command lines...

5.5 CVSS, 5.7 AI score, 0.00038 EPSS
Exploits 2, References 5
RedHat Linux
added 2024/05/22 10:3 a.m., 1 views

kernel: ext4: Fix function prototype mismatch for ext4_feat_ktype

In the Linux kernel, the following vulnerability has been resolved: ext4: Fix function prototype mismatch for ext4_feat_ktype. With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call...

5.5 CVSS, 6.9 AI score, 0.00021 EPSS
Exploits 0, References 5
OSV
added 2024/05/21 3:15 p.m., 0 views

DEBIAN-CVE-2021-47253

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hw_init. Why: On resume we perform DMUB hw_init which allocates memory: dm_resume -> dm_dmub_hw_init -> dc_dmub_srv_create -> kzalloc. That results in memory leak in suspend/resume scenarios. How...

5.5 CVSS, 5.3 AI score, 0.00018 EPSS
Exploits 0, References 1
OSV
added 2024/05/21 3:15 p.m., 0 views

UBUNTU-CVE-2021-47253

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hw_init. Why: On resume we perform DMUB hw_init which allocates memory: dm_resume -> dm_dmub_hw_init -> dc_dmub_srv_create -> kzalloc. That results in memory leak in suspend/resume scenarios. How...

5.5 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits 0, References 6
UbuntuCve
added 2024/05/21 3:15 p.m., 17 views

CVE-2021-47253

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hw_init. Why: On resume we perform DMUB hw_init which allocates memory: dm_resume -> dm_dmub_hw_init -> dc_dmub_srv_create -> kzalloc. That results in memory leak in suspend/resume scenarios. How...

5.5 CVSS, 5.9 AI score, 0.00018 EPSS
Exploits 0, References 5
SUSE CVE
added 2024/05/21 2:0 a.m., 1 views

SUSE CVE-2024-34997

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper.read_array. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...

7.5 CVSS, 7.4 AI score, 0.00378 EPSS
Exploits 1, References 3
RedhatCVE
added 2024/05/18 12:9 a.m., 15 views

CVE-2024-35802

A flaw was found in the Linux kernel. Incorrect position-dependent variable references in the startup code may lead to a crash...

5.5 CVSS, 6.3 AI score
Exploits 0, References 4