PYSEC-2022-43038
The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0...
Democritus Project code issue vulnerability
Democritus Project is a collection of simple, effective, modular, well-tested and well-documented features from Democritus. A backdoor vulnerability exists in Democritus Project d8s-algorithms version 0.1.0, which stems from the presence of the potential code-execution package democritus-dicts...
PT-2022-26216 · Pypi · D8S-Algorithms +1
Name of the Vulnerable Software and Affected Versions: d8s-algorithms version 0.1.0 Description: The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. Recommendations: Fo...
CVE-2022-42040
The CVE-2022-42040 entry concerns the Python package d8s-algorithms (PyPI) with version 0.1.0 affected by a backdoor injected by a third party (democritus-dicts), enabling potential remote code execution. Connected sources consistently describe the issue as a backdoor compromising the package dis...
CVE-2022-42040
The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0...
EulerOS 2.0 SP8 : curl (EulerOS-SA-2022-2454)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to...
CVE-2022-39237 Digital Signature Hash Algorithms Not Validated in sylabs/sif
sylabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1, the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...
The vulnerability of the Valmet System 2019 software suite (Metso DNA) is related to the unsafe use of cryptographic algorithms, allowing a perpetrator to carry out a “man-in-the-middle” attack.
The vulnerability of the Valmet System 2019 software suite Metso DNA is related to the unsafe use of cryptographic algorithms. Exploiting this vulnerability could allow a remote attacker to execute a “man-in-the-middle” attack...
Pmanager - Store And Retrieve Your Passwords From A Secure Offline Database. Check If Your Passwords Have Leaked Previously To Prevent Targeted Password Reuse Attacks
Demo Description Store and retrieve your passwords from a secure offline database. Check if your passwords have leaked previously to prevent targeted password reuse attacks. Why develop another password manager? This project was initially born from my desire to learn Rust. I was tired of using th...
OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906)
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...
Malicious Package
Overview democritus-algorithms is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-algorithms package. References - GitHub Iss...
JOSE vulnerable to resource exhaustion via specifically crafted JWE
The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c (PBES2 Count), which determines how many PBKDF2 iterations must be executed in order to derive a CEK wrapping key. The purpose of this parameter is to intentionally slow down the key derivation function in order...
GHSA-JV3G-J58F-9MQ9 JOSE vulnerable to resource exhaustion via specifically crafted JWE
The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c (PBES2 Count), which determines how many PBKDF2 iterations must be executed in order to derive a CEK wrapping key. The purpose of this parameter is to intentionally slow down the key derivation function in order...
golang: crash in a golang.org/x/crypto/ssh server
A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...
EulerOS 2.0 SP9 : python-jwt (EulerOS-SA-2022-2331)
According to the versions of the python-jwt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the...
EulerOS 2.0 SP9 : curl (EulerOS-SA-2022-2310)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libcurl provides the CURLOPT_CERTINFO option to allow applications to request details to be returned about a server's certificate chain. Due to an...
Fedora: Security Advisory for cloudcompare (FEDORA-2022-9cbdf39a5a)
The remote host is missing an update for the cloudcompare package. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 37 Update: cloudcompare-2.11.3-4.fc37
CloudCompare is a 3D point cloud and triangular mesh processing software. It was originally designed to perform comparisons between two 3D point clouds, such as those obtained with a laser scanner, or between a point cloud and a triangular mesh. It relies on a specific octree structure that...