Lucene search
K

140 matches found

Vulnrichment
Vulnrichment
added 2025/11/12 9:32 p.m.3 views

CVE-2025-64429 DuckDB Encryption Crypto implementation is vulnerable

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...

6.9CVSS7.1AI score0.00108EPSS
Exploits0References4
CVE
CVE
added 2025/11/12 9:32 p.m.32 views

CVE-2025-64429

DuckDB 1.4.0–pre-1.4.2 encryption implementation is vulnerable due to multiple cryptographic weaknesses: insecure RNG (pcg32 fallback), possible memory wipe omission (memset) leaving secrets, and header manipulation could downgrade from GCM to CTR, bypassing integrity. There may also be unhandled...

6.9CVSS7.1AI score0.00108EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.4 views

DuckDB 加密问题漏洞

DuckDB is an in-process SQL OLAP database management system from DuckDB open source. A cryptographic issue vulnerability exists in DuckDB versions 1.4.0 through prior to 1.4.2, which stems from a cryptographic implementation issue that could lead to key disclosure or bypass integrity checks...

6.9CVSS7AI score0.00108EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.8 views

PT-2025-46723

Name of the Vulnerable Software and Affected Versions DuckDB versions 1.4.0 through 1.4.1 Description DuckDB, a SQL database management system, contains issues related to its block-based encryption implementation introduced in version 1.4.0. The system can fall back to an insecure random number...

6.9CVSS7.1AI score0.00108EPSS
Exploits0References7
Veracode
Veracode
added 2025/10/15 4:18 a.m.6 views

Malicious Package Injection

DuckDB is vulnerable to malicious package injection. The vulnerability is due to unauthorized access and compromise of the npm package publishing process, which allowed an attacker to upload malicious versions of DuckDB’s Node.js packages containing code that interfered with cryptocurrency...

8.6CVSS7.4AI score0.00349EPSS
Exploits0References5Affected Software4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-0052

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00813EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-6920

Malicious code in bioql PyPI...

8.3CVSS8.4AI score0.0033EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-7043

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01311EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-7076

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.01083EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/09/11 8:27 p.m.8 views

CVE-2025-59037

DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware along with several other packages. An attacker published new versions of four of DuckDB's packages that included malicious code to...

8.6CVSS7.7AI score0.00349EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-9264

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitize...

9.9CVSS7.3AI score0.97781EPSS
Exploits10References2
NVD
NVD
added 2025/09/09 9:15 p.m.10 views

CVE-2025-59037

DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware along with several other packages. An attacker published new versions of four of DuckDB's packages that included malicious code to...

8.6CVSS0.00349EPSS
Exploits0References3
Snyk
Snyk
added 2025/09/09 8:45 p.m.8 views

Embedded Malicious Code

Overview @duckdb/node-api is an API for using DuckDB in Node. Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code...

9.8CVSS6.8AI score0.00349EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/09 8:45 p.m.1 views

Embedded Malicious Code

Overview @duckdb/duckdb-wasm is an in-process analytical SQL database for the browser. It is powered by WebAssembly, speaks Arrow fluently, reads Parquet, CSV and JSON files backed by Filesystem APIs or HTTP requests and has been tested with Chrome, Firefox, Safari and Node.js. Affected versions ...

9.8CVSS7.3AI score0.00349EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/09 8:45 p.m.1 views

Embedded Malicious Code

Overview @duckdb/node-bindings is a Node bindings to the DuckDB C API. Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected...

9.8CVSS6.8AI score0.00349EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/09 8:45 p.m.4 views

Embedded Malicious Code

Overview duckdb is a Node.js API for DuckDB, the "SQLite for Analytics". The API for this client is somewhat compliant to the SQLite Node.js client for easier transition and transition you must eventually. Affected versions of this package are vulnerable to Embedded Malicious Code. This package...

9.8CVSS6.8AI score0.00349EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/09 8:26 p.m.2 views

CVE-2025-59037 DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware

DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware along with several other packages. An attacker published new versions of four of DuckDB's packages that included malicious code to...

8.6CVSS7.1AI score0.00349EPSS
Exploits0References3
CVE
CVE
added 2025/09/09 8:26 p.m.72 views

CVE-2025-59037

CVE-2025-59037 covers DuckDB npm packages where four Node.js packages were briefly compromised with malware: @duckdb/[email protected], @duckdb/[email protected], [email protected], and @duckdb/[email protected]. The malicious versions attempted to interfere with cryptocurrency transactions. DuckDB de...

8.6CVSS7.2AI score0.00349EPSS
Exploits0References3
OSV
OSV
added 2025/09/09 8:26 p.m.7 views

CVE-2025-59037 DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware

DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware along with several other packages. An attacker published new versions of four of DuckDB's packages that included malicious code to...

8.6CVSS7.4AI score0.00349EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/09/09 8:26 p.m.18 views

CVE-2025-59037 DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware

DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware along with several other packages. An attacker published new versions of four of DuckDB's packages that included malicious code to...

8.6CVSS0.00349EPSS
Exploits0References3
Rows per page
Query Builder