58 matches found
Parser-Free Querying of Security Logs
Security analysts routinely query system logs to detect threats and investigate incidents, but each log source uses its own semi-structured format: logs are cheap to produce, but expensive to use. The standard approach, building per-source parsers to normalize logs into structured schemas, is...
EUVD-2015-1496
Malware in sbrugna...
EUVD-2024-3492
Malicious code in bioql PyPI...
EUVD-2023-30272
Malicious code in bioql PyPI...
EUVD-2025-14756
Malicious code in bioql PyPI...
EUVD-2025-21409
Malicious code in bioql PyPI...
EUVD-2025-21723
Malicious code in bioql PyPI...
Missing Password Field Masking
Overview Affected versions of this package are vulnerable to Missing Password Field Masking due to improper handling of process command arguments containing sensitive information. An attacker can obtain confidential data by accessing security event logs where sensitive arguments, such as password...
Missing Password Field Masking
Overview Affected versions of this package are vulnerable to Missing Password Field Masking due to improper handling of process command arguments containing sensitive information. An attacker can obtain confidential data by accessing security event logs where sensitive arguments, such as password...
Missing Password Field Masking
Overview Affected versions of this package are vulnerable to Missing Password Field Masking due to improper handling of process command arguments containing sensitive information. An attacker can obtain confidential data by accessing security event logs where sensitive arguments, such as password...
GO-2025-3787 May leak sensitive information in logs when processing malformed data in github.com/go-viper/mapstructure
May leak sensitive information in logs when processing malformed data in github.com/go-viper/mapstructure...
CVE-2025-41665
creationtimestamp| type| source ---|---|--- 2025-07-08 07:11:01+00:00| seen| https://infosec.exchange/users/certvde/statuses/114816362788303261 2025-07-08 07:11:10+00:00| seen| https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3ltgqovnswf72 2025-07-08 09:42:38+00:00| seen|...
TencentOS Server 4: kubernetes (TSSA-2024:0807)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0807 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach
Microsoft on Monday announced that it has moved the Microsoft Account MSA signing service to Azure confidential virtual machines VMs and that it's also in the process of migrating the Entra ID signing service as well. The disclosure comes about seven months after the tech giant said it completed...
CVE-2025-31484
conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...
CVE-2025-31484
conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...
CVE-2025-31484 conda-forge infrastructure uses a bad token for Azure's cf-staging access
conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...
CVE-2025-31484 conda-forge infrastructure uses a bad token for Azure's cf-staging access
conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...
CVE-2025-31484
CVE-2025-31484 affects the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, the infrastructure used the wrong Azure cf-staging access token, allowing any feedstock maintainer to upload a package to the conda-forge channel and bypass the standard feedstock-token + upload process. The...
CVE-2025-31484 conda-forge infrastructure uses a bad token for Azure's cf-staging access
conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...