337 matches found
RLSA-2025:14493 Important: aide security update
Advanced Intrusion Detection Environment AIDE is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Security Fixes: aide: improper output neutralization enables bypassing CVE-2025-54389 For more details abou...
EUVD-2024-42855
Malicious code in bioql PyPI...
EUVD-2025-20339
Malicious code in bioql PyPI...
EUVD-2024-34317
Malicious code in bioql PyPI...
EUVD-2023-58308
Malicious code in bioql PyPI...
EUVD-2023-57825
Malicious code in bioql PyPI...
RLSA-2025:14592 Important: aide security update
Advanced Intrusion Detection Environment AIDE is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Security Fixes: aide: improper output neutralization enables bypassing CVE-2025-54389 For more details abou...
CVE-2025-59347
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The Manager disables TLS certificate verification in HTTP clients. The clients are not configurable, so users have no way to re-enable the verification. A Manager processes dozens of preheat job...
Use of Weak Hash
Overview Affected versions of this package are vulnerable to Use of Weak Hash like the Md5 hash. An attacker can bypass file integrity verification by generating files with colliding MD5 hashes and distributing malicious content that passes integrity checks. Remediation Upgrade...
Use of Weak Hash
Overview Affected versions of this package are vulnerable to Use of Weak Hash like the Md5 hash. An attacker can bypass file integrity verification by generating files with colliding MD5 hashes and distributing malicious content that passes integrity checks. Remediation Upgrade...
Use of Weak Hash
Overview Affected versions of this package are vulnerable to Use of Weak Hash like the Md5 hash. An attacker can bypass file integrity verification by generating files with colliding MD5 hashes and distributing malicious content that passes integrity checks. Remediation Upgrade...
Use of Weak Hash
Overview Affected versions of this package are vulnerable to Use of Weak Hash like the Md5 hash. An attacker can bypass file integrity verification by generating files with colliding MD5 hashes and distributing malicious content that passes integrity checks. Remediation Upgrade...
CVE-2025-59354 Dragonfly has weak integrity checks for downloaded files
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the DragonFly2 uses a variety of hash functions, including the MD5 hash, for downloaded files. This allows attackers to replace files with malicious ones that have a colliding hash. This...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the getAuthToken function. An attacker can cause denial of service and compromise file integrity by performing a network-level man-in-the-middle attack that provides invalid data to the process. Remediation...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the getAuthToken function. An attacker can cause denial of service and compromise file integrity by performing a network-level man-in-the-middle attack that provides invalid data to the process. Remediation...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the getAuthToken function. An attacker can cause denial of service and compromise file integrity by performing a network-level man-in-the-middle attack that provides invalid data to the process. Remediation...
GHSA-98X5-JW98-6C97 Dragonfly's manager makes requests to external endpoints with disabled TLS authentication
Impact The Manager disables TLS certificate verification in two HTTP clients figures 3.1 and 3.2. The clients are not configurable, so users have no way to re-enable the verification. golang func getAuthTokenctx context.Context, header http.Header string, error skipped client := &http.Client...
CVE-2025-59347 Dragonfly Manager makes requests to external endpoints with disabled TLS authentication
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The Manager disables TLS certificate verification in HTTP clients. The clients are not configurable, so users have no way to re-enable the verification. A Manager processes dozens of preheat job...
Dragonfly's manager makes requests to external endpoints with disabled TLS authentication
The Manager disables TLS certificate verification in two HTTP clients figures 3.1 and 3.2. The clients are not configurable, so users have no way to re-enable the verification. golang func getAuthTokenctx context.Context, header http.Header string, error skipped client := &http.Client Timeout:...
About the security content of visionOS 26
About the security content of visionOS 26 This document describes the security content of visionOS 26. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...