3742 matches found

OSV
added 2022/10/09 10:50 p.m. · 7 views

GSD-2022-1006586 net/sched: taprio: avoid disabling offload when it was never enabled

net/sched: taprio: avoid disabling offload when it was never enabled This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.146 by commit...

7.2 AI score
Exploits 0

PyPA
added 2022/10/06 6:16 p.m. · 8 views

PYSEC-2022-301

dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version...

7.5 CVSS · 7 AI score · 0.00845 EPSS
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2022/10/06 12:0 a.m. · 3 views

PT-2022-25406 · Nps · Nps

Name of the Vulnerable Software and Affected Versions: NPS versions prior to 0.26.10 Description: The issue allows for an authentication bypass via constantly generating and sending the Auth key and Timestamp parameters. Recommendations: For versions prior to 0.26.10, update to version 0.26.10 or...

9.8 CVSS · 9.4 AI score · 0.0816 EPSS
Exploits 1 · References 6

Malwarebytes
added 2022/10/04 12:0 p.m. · 13 views

Huge increase in smishing scams, warns IRS

The Internal Revenue Service (IRS) has issued a warning for taxpayers about a recent increase in IRS-themed smishing scams aimed at stealing personal and financial information. Smishing is short for SMS phishing, where the phishes are sent via text message. The IRS has identified and reported...

0.7 AI score
Exploits 0

Snyk
added 2022/10/01 8:12 a.m. · 2 views

Malicious Package

Overview pages-functions-with-routes-app is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable i...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3

Snyk
added 2022/09/28 8:13 a.m. · 1 views

Malicious Package

Overview v2ish1yan is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3

Snyk
added 2022/09/28 8:12 a.m. · 1 views

Malicious Package

Overview chia-docs is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3

Snyk
added 2022/09/28 8:12 a.m. · 1 views

Malicious Package

Overview tangeshaiou is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3

Snyk
added 2022/09/28 8:12 a.m. · 1 views

Malicious Package

Overview lengf233 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3

OSV
added 2022/09/27 3:28 p.m. · 0 views

GHSA-8FG9-P83M-X5PQ ReDoS issue in dparse

Impact dparse versions prior to 0.5.1 contain a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). All users parsing index server URLs with dparse are impacted by this vulnerability. Patches The Patch is applied in the 0.5.2 version, all users are recommended to...

8.2 CVSS · 7 AI score · 0.00845 EPSS
Exploits 0 · References 7

Positive Technologies
added 2022/09/27 12:0 a.m. · 3 views

PT-2022-24866 · Pypi · Dparse

Name of the Vulnerable Software and Affected Versions: dparse versions prior to 0.5.2 Description: dparse is a parser for Python dependency files. The issue concerns a regular expression that is vulnerable to a Regular Expression Denial of Service (ReDoS). All users parsing index server URLs with...

8.2 CVSS · 7.3 AI score · 0.00845 EPSS
Exploits 0 · References 12

Snyk
added 2022/09/21 8:12 a.m. · 1 views

Malicious Package

Overview @dtci/eq-ui-lib is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3

Snyk
added 2022/09/20 8:12 a.m. · 1 views

Malicious Package

Overview sb1-atbyls-idanecoa is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3

Snyk
added 2022/09/20 8:12 a.m. · 1 views

Malicious Package

Overview migrate-ux-react is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3

Snyk
added 2022/09/20 8:12 a.m. · 2 views

Malicious Package

Overview bjabaiheiiyuuui is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3

Snyk
added 2022/09/19 3:15 p.m. · 2 views

Malicious Package

Overview democritus-json is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-json package. References - GitHub Issue - GitHub...

9.8 CVSS · 6.9 AI score
Exploits 0 · References 3

Snyk
added 2022/09/19 3:15 p.m. · 1 views

Malicious Package

Overview democritus-hypothesis is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-hypothesis package. References - GitHub Iss...

9.8 CVSS · 6.9 AI score
Exploits 0 · References 3

Snyk
added 2022/09/19 3:15 p.m. · 1 views

Malicious Package

Overview democritus-dates is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-dates package. References - GitHub Issue - GitHu...

9.8 CVSS · 6.9 AI score
Exploits 0 · References 3

Snyk
added 2022/09/19 3:15 p.m. · 1 views

Malicious Package

Overview democritus-domains is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-domains package. References - GitHub Issue -...

9.8 CVSS · 6.9 AI score
Exploits 0 · References 3

Snyk
added 2022/09/17 8:12 a.m. · 0 views

Malicious Package

Overview duckduckgo-privacy-extension is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3