44 matches found

OSV
added 2025/10/29 10:51 p.m., 1 view

MAL-2025-48960 Malicious code in @apache-netbeans/netbeans-antora-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64c5548a67ff295a5fef8341e288347ac54fd9677bfd0be6e0752cc670888f37 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8 AI score
Exploits: 0, References: 2
Snyk
added 2025/10/29 10:51 p.m., 1 view

Malicious Package

Overview @apache-netbeans/netbeans-antora-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2020-4309

Malware in sbrugna...

9.8 CVSS, 9.2 AI score, 0.05128 EPSS
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-8961

Malware in sbrugna...

9.8 CVSS, 9.3 AI score, 0.03031 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-2969

Malicious code in bioql PyPI...

9.1 CVSS, 9.1 AI score, 0.01555 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-3568

Malicious code in bioql PyPI...

7.5 CVSS, 7.7 AI score, 0.0073 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/05/22 10:2 a.m., 8 views

CVE-2019-17561

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability...

7.5 CVSS, 6.9 AI score, 0.0073 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 8:20 a.m., 2 views

CVE-2019-17560

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. "Apache NetBeans" versions up to and including 11.2 are...

9.1 CVSS, 6.7 AI score, 0.01555 EPSS
Exploits: 0, References: 1
Github Security Blog
added 2022/05/24 10:28 p.m., 25 views

Improper Certificate Validation in Apache Netbeans

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. "Apache NetBeans" versions up to and including 11.2 are...

9.1 CVSS, 2.2 AI score, 0.01555 EPSS
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2022/05/24 10:28 p.m., 23 views

GHSA-7C2M-VWXW-5QWW Improper Certificate Validation in Apache Netbeans

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. "Apache NetBeans" versions up to and including 11.2 are...

9.1 CVSS, 9.2 AI score, 0.01555 EPSS
Exploits: 0, References: 3
Github Security Blog
added 2022/05/24 5:12 p.m., 25 views

Improper Verification of Cryptographic Signature in Apache Netbeans

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability. NetBeans releases before the Apache transition started...

7.5 CVSS, 4.6 AI score, 0.0073 EPSS
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2022/05/24 5:12 p.m., 22 views

GHSA-CF8Q-J9H3-7237 Improper Verification of Cryptographic Signature in Apache Netbeans

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability. NetBeans releases before the Apache transition started...

7.5 CVSS, 7.5 AI score, 0.0073 EPSS
Exploits: 0, References: 3
Github Security Blog
added 2022/02/09 10:25 p.m., 21 views

Improper synchronization in Apache Netbeans HTML/Java API

There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in webkit subproject of HTML/Java API version 1.7. A similar vulnerability has recently been disclosed in other Java projects and the fix in HTML/Java API version 1.7.1 follows...

7 CVSS, 6.6 AI score, 0.00068 EPSS
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2022/02/09 10:25 p.m., 11 views

GHSA-PPC3-FPVH-7396 Improper synchronization in Apache Netbeans HTML/Java API

There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in webkit subproject of HTML/Java API version 1.7. A similar vulnerability has recently been disclosed in other Java projects and the fix in HTML/Java API version 1.7.1 follows...

7 CVSS, 6.9 AI score, 0.00068 EPSS
Exploits: 0, References: 3
CNNVD
added 2021/01/11 12:0 a.m., 2 views

Apache Netbeans-html4j Competition Condition Issue Vulnerability

Apache Netbeans-html4j is a Java-based and cross-platform Apache Foundation software for Java-Javascript interaction. A security vulnerability exists in the Apache Netbeans-html4j API version 1.7.1 HTML/Java, which results from a race condition between deleting temporary files and creating...

7 CVSS, 7 AI score, 0.00068 EPSS
Exploits: 0, References: 2
OSV
added 2020/09/09 4:15 p.m., 10 views

CVE-2020-11986

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...

9.8 CVSS, 6.9 AI score
Exploits: 0, References: 3
NVD
added 2020/09/09 4:15 p.m., 10 views

CVE-2020-11986

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...

9.8 CVSS, 0.05128 EPSS
Exploits: 0, References: 3
UbuntuCve
added 2020/09/09 4:15 p.m., 13 views

CVE-2020-11986

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...

9.8 CVSS, 7.2 AI score, 0.05128 EPSS
Exploits: 0, References: 3
Prion
added 2020/09/09 4:15 p.m., 7 views

Code injection

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...

7.5 CVSS, 9.4 AI score, 0.05128 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2020/09/09 3:28 p.m., 13 views

CVE-2020-11986

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...

9.5 AI score, 0.05128 EPSS
Exploits: 0, References: 3