CVE-2022-43305
CVE-2022-43305 concerns the d8s-python package on PyPI, where a third-party backdoor was inserted into the Democritus ecosystem (democritus-algorithms) and is linked to d8s-htm 0.1.0. Connected sources corroborate that the backdoor could enable code execution, with multiple advisories referencing...
CVE-2022-43305
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0...
Oracle Linux 9 : python3.9 (ELSA-2022-7323)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7323 advisory. - Security fix for CVE-2020-10735. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has n...
libgcrypt bug fix and enhancement update
An update is available for libgcrypt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libgcrypt library provides general-purpose implementations of various...
[SECURITY] Fedora 37 Update: openssl-3.0.5-3.fc37
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...
[SECURITY] Fedora 36 Update: openssl-3.0.5-2.fc36
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...
PT-2022-5293 · Ibm · Ibm Cics Tx Standard +1
Name of the Vulnerable Software and Affected Versions: IBM CICS TX Standard and Advanced version 11.1 Description: The issue is related to insufficient protection of service data, which could allow a remote attacker to gain unauthorized access to sensitive information. It is also noted that the...
SUSE-SU-2022:3767-1 Recommended update for bind
This update for bind fixes the following issues: Update to release 9.16.33: - CVE-2022-2795: Fixed potential performance degradation due to missing database lookup limits when processing large delegations bsc1203614. - CVE-2022-3080: Fixed assertion failure when there was a stale CNAME in the cac...
Moderate: Red Hat Security Advisory: gnutls security update
An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906)
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...
gnutls security update
An update is available for gnutls. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library,...
ALSA-2022:7105 Moderate: gnutls security update
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Double free during gnutls_pkcs7_verify (CVE-2022-2509). For more details about the security issues, including the...
Moderate: gnutls security update
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Double free during gnutls_pkcs7_verify (CVE-2022-2509). For more details about the security issues, including the...
Researchers Say Microsoft Office 365 Uses Broken Email Encryption to Secure Messages
New research has disclosed what's being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm. "The Office 365 Message Encryption messages are encrypted in insecure Electronic Codebook (ECB) mode of...
Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-145)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-145 advisory. A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This fl...
Democritus Project d8s-algorithms Code Execution Vulnerability
Democritus Project is a collection of simple, effective, modular, well-tested and well-documented features from Democritus. A backdoor vulnerability exists in Democritus Project d8s-algorithms version 0.1.0, which stems from the presence of a potential code execution package democritus-dicts...
CVE-2022-42040
The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0...
d8s-python (>=0.2.0 <=0.9.0) potentially affected by CVE-2022-42040 via d8s-algorithms (>=0.3.0 <=0.7.0)
d8s-algorithms PYPI version =0.3.0, =0.2.0, =0.9.0 Source cves: CVE-2022-42040 Source advisory: OSV:PYSEC-2022-43019...
PYSEC-2022-43019
The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0...