337 matches found

OSV
added 2025/10/04 12:11 a.m., 3 views

RLSA-2025:14493 Important: aide security update

Advanced Intrusion Detection Environment (AIDE) is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Security Fixes: aide: improper output neutralization enables bypassing (CVE-2025-54389). For more details abou...

CVSS 7.1, AI score 6.5, EPSS 0.0021
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-42855

Malicious code in bioql PyPI...

CVSS 6.8, AI score 6.4, EPSS 0.00533
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2025-20339

Malicious code in bioql PyPI...

CVSS 5.8, AI score 6.5, EPSS 0.00292
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2024-34317

Malicious code in bioql PyPI...

CVSS 8.4, AI score 6.6, EPSS 0.00161
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-58308

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.4, EPSS 0.00615
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 19 views

EUVD-2023-57825

Malicious code in bioql PyPI...

CVSS 5.7, AI score 5.7, EPSS 0.00494
Exploits: 0, References: 2
OSV
added 2025/10/03 7:56 p.m., 5 views

RLSA-2025:14592 Important: aide security update

Advanced Intrusion Detection Environment (AIDE) is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Security Fixes: aide: improper output neutralization enables bypassing (CVE-2025-54389). For more details abou...

CVSS 7.1, AI score 6.9, EPSS 0.0021
Exploits: 1, References: 2
NVD
added 2025/09/17 8:15 p.m., 11 views

CVE-2025-59347

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the Manager disables TLS certificate verification in HTTP clients. The clients are not configurable, so users have no way to re-enable the verification. A Manager processes dozens of preheat job...

CVSS 6.9, EPSS 0.00159
Exploits: 0, References: 2
Snyk
added 2025/09/17 8:11 p.m., 2 views

Use of Weak Hash

Overview: Affected versions of this package are vulnerable to Use of Weak Hash like the Md5 hash. An attacker can bypass file integrity verification by generating files with colliding MD5 hashes and distributing malicious content that passes integrity checks. Remediation: Upgrade...

CVSS 6.9, AI score 6.6, EPSS 0.00152
Exploits: 0, References: 2
Snyk
added 2025/09/17 8:11 p.m., 3 views

Use of Weak Hash

Overview: Affected versions of this package are vulnerable to Use of Weak Hash like the Md5 hash. An attacker can bypass file integrity verification by generating files with colliding MD5 hashes and distributing malicious content that passes integrity checks. Remediation: Upgrade...

CVSS 6.9, AI score 6.6, EPSS 0.00152
Exploits: 0, References: 2
Snyk
added 2025/09/17 8:11 p.m., 2 views

Use of Weak Hash

Overview: Affected versions of this package are vulnerable to Use of Weak Hash like the Md5 hash. An attacker can bypass file integrity verification by generating files with colliding MD5 hashes and distributing malicious content that passes integrity checks. Remediation: Upgrade...

CVSS 6.9, AI score 6.6, EPSS 0.00152
Exploits: 0, References: 2
Snyk
added 2025/09/17 8:11 p.m., 3 views

Use of Weak Hash

Overview: Affected versions of this package are vulnerable to Use of Weak Hash like the Md5 hash. An attacker can bypass file integrity verification by generating files with colliding MD5 hashes and distributing malicious content that passes integrity checks. Remediation: Upgrade...

CVSS 6.9, AI score 6.6, EPSS 0.00152
Exploits: 0, References: 2
Vulnrichment
added 2025/09/17 7:57 p.m., 1 view

CVE-2025-59354 Dragonfly has weak integrity checks for downloaded files

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the DragonFly2 uses a variety of hash functions, including the MD5 hash, for downloaded files. This allows attackers to replace files with malicious ones that have a colliding hash. This...

CVSS 6.9, AI score 6.3, EPSS 0.00152
Exploits: 0, References: 2
Snyk
added 2025/09/17 7:28 p.m., 2 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication via the getAuthToken function. An attacker can cause denial of service and compromise file integrity by performing a network-level man-in-the-middle attack that provides invalid data to the process. Remediation...

CVSS 6.9, AI score 6.5, EPSS 0.00159
Exploits: 0, References: 2
Snyk
added 2025/09/17 7:28 p.m., 1 view

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication via the getAuthToken function. An attacker can cause denial of service and compromise file integrity by performing a network-level man-in-the-middle attack that provides invalid data to the process. Remediation...

CVSS 6.9, AI score 6.5, EPSS 0.00159
Exploits: 0, References: 2
Snyk
added 2025/09/17 7:28 p.m., 2 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication via the getAuthToken function. An attacker can cause denial of service and compromise file integrity by performing a network-level man-in-the-middle attack that provides invalid data to the process. Remediation...

CVSS 6.9, AI score 6.5, EPSS 0.00159
Exploits: 0, References: 2
OSV
added 2025/09/17 7:28 p.m., 3 views

GHSA-98X5-JW98-6C97 Dragonfly's manager makes requests to external endpoints with disabled TLS authentication

Impact: The Manager disables TLS certificate verification in two HTTP clients (figures 3.1 and 3.2). The clients are not configurable, so users have no way to re-enable the verification. golang: func getAuthToken(ctx context.Context, header http.Header) (string, error) { [skipped] client := &http.Client...

CVSS 6.9, AI score 6.8, EPSS 0.00159
Exploits: 0, References: 5
Vulnrichment
added 2025/09/17 7:23 p.m., 1 view

CVE-2025-59347 Dragonfly Manager makes requests to external endpoints with disabled TLS authentication

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the Manager disables TLS certificate verification in HTTP clients. The clients are not configurable, so users have no way to re-enable the verification. A Manager processes dozens of preheat job...

CVSS 6.9, AI score 6.2, EPSS 0.00159
Exploits: 0, References: 2
GitLab Advisory Database
added 2025/09/17 12:0 a.m., 7 views

Dragonfly's manager makes requests to external endpoints with disabled TLS authentication

The Manager disables TLS certificate verification in two HTTP clients (figures 3.1 and 3.2). The clients are not configurable, so users have no way to re-enable the verification. golang: func getAuthToken(ctx context.Context, header http.Header) (string, error) { [skipped] client := &http.Client{ Timeout:...

CVSS 6.9, AI score 6.7, EPSS 0.00159
Exploits: 0, References: 6, Affected Software: 1
Apple
added 2025/09/15 12:0 a.m., 10 views

About the security content of visionOS 26

About the security content of visionOS 26 This document describes the security content of visionOS 26. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

CVSS 9.8, AI score 7, EPSS 0.73495
Exploits: 3, References: 1, Affected Software: 1