CVE-2024-23342 python-ecdsa vulnerable to Minerva attack on P-256
The ecdsa PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the...
CVE-2024-23342
The CVE-2024-23342 entry concerns the python-ecdsa package (a pure-Python ECC implementation) with support for ECDSA/EdDSA/ECDH. Versions 0.18.0 and earlier are vulnerable to the Minerva attack. The available connected documents confirm that the vulnerability is tied to this package and note the ab...
TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks
Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to "conduct a supply chain compromise of...
Python’s Poisoned Package: Another ‘Blank Grabber’ Malware in PyPI
Python Package Index (PyPI) is a platform that offers an extensive range of packages to simplify and enhance the development process. Malicious actors regularly upload phishing packages to the platform's repository aimed at delivering malware to steal the victims' information, or more frequently, to...
Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners
Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices. The three harmful packages, named modularseven, driftme, and catme, attracted a total of 431 downloads over the...
MAL-2023-8765 Malicious code in multicolored (PyPI)
Source: ossf-package-analysis 89f0e1660e4708cd5f0568f9c85ea2f35f883c21cb0f6a7d37e4d9d25a1dc8c8. The OpenSSF Package Analysis project identified 'multicolored' @ 1.0.0 (pypi) as malicious. It is considered malicious because: - The package...
MAL-2023-8770 Malicious code in vibrant (PyPI)
Source: ossf-package-analysis aaa7491953b666535f724cc8b060802509b09ef8e13b4f3c5ebaa6a0554e4c17. The OpenSSF Package Analysis project identified 'vibrant' @ 1.0.0 (pypi) as malicious. It is considered malicious because: - The package...
MAL-2023-8769 Malicious code in richcolor (PyPI)
Source: kam193 50d5904bd379a75fd43115d7339df3d79f87ec691026774160b15b8632a9f8ae. Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. Category: PROBABLYPENTEST -...
MAL-2023-8764 Malicious code in excaliburx (PyPI)
Source: kam193 1d763da65172935a20c3b03c65deff16a2eb251d857d1fc34e4cc67b72f7610a. Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. Category: PROBABLYPENTEST -...
MAL-2023-8767 Malicious code in newpackagetest2027 (PyPI)
Source: kam193 7c1e4acddbaeafd87b1cce82ddc1025a3e5abd4c285a2fd2e7fcff07d37d500e. Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. Category: PROBABLYPENTEST -...
MAL-2023-8768 Malicious code in newpackagetest2028 (PyPI)
Source: kam193 3f8a309179fb8daa3b3ff1d8a250fe566f5d138ab913e435928491185de07f1c. Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. Category: PROBABLYPENTEST -...
MAL-2023-8766 Malicious code in newpackagetest2026 (PyPI)
Source: kam193 7b2facdf5925f09b064136d0c919a80e0e83d0a13b4b6f9d903162352c586dc9. Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. Category: PROBABLYPENTEST -...
3m (=0.1.0), accord-nlp (>=0.1.0 <=0.1.8) +809 more potentially affected by CVE-2023-6730 via transformers (>=2.10.0 <=4.35.2)
transformers PYPI version =2.10.0, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.3.0, =0.1.0, =0.1.0, =0.0.1, =0.0.4, =0.0.4, =0.0.11, =0.0.13, =0.0.15, =1.2.3, =1.3.106 and more Source cves: CVE-2023-6730 Source advisory: OSV:PYSEC-2023-300...
Rogue Session Attack (Terrapin)
ssh is vulnerable to the Terrapin attack. The vulnerability is due to mishandling of the handshake phase and sequence numbers in the SSH Binary Packet Protocol (BPP) with certain OpenSSH extensions. This allows an attacker to bypass integrity checks and omit packets during extension negotiation, and...
116 Malware Packages Found on PyPI Repository Infecting Windows and Linux Systems
Cybersecurity researchers have identified a set of 116 malicious packages on the Python Package Index (PyPI) repository that are designed to infect Windows and Linux systems with a custom backdoor. "In some cases, the final payload is a variant of the infamous W4SP Stealer, or a simple clipboard...
Security Bulletin: A vulnerability in cryptography-3.3.2-cp36-abi3-manylinux2010_x86_64.whl affects Data Replication on Cloud Pak for Data
Summary: A vulnerability in cryptography-3.3.2-cp36-abi3-manylinux2010_x86_64.whl has been addressed. Vulnerability Details: CVEID: CVE-2023-0286. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a type confusion error related to X.400 address processing inside an X.509 GeneralName...
MAL-2023-8651 Malicious code in lodestone (PyPI)
Source: ossf-package-analysis c5569d9f5d17acc6330446faa4b9f8eff7b389a4cde9698946b8473c5bd8e74e. The OpenSSF Package Analysis project identified 'lodestone' @ 0.0.58 (pypi) as malicious. It is considered malicious because: - The package...