
51 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in python-py

A denial of service attack via regular expressions in the py.path.svnwc component of py also known as python-py in versions up to 1.9.0 could be exploited by attackers to trigger a compute-time denial of service attack by providing malicious input to the blame functionality...

CVSS 7.5 | AI score 6.8 | EPSS 0.00781
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-3227

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.00587
Exploits 0 | References 8
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2010-4609

Malware in sbrugna...

CVSS 3.5 | AI score 8.3 | EPSS 0.01955
Exploits 1 | References 32
Wired Threat Level
added 2025/08/16 10:30 a.m. | 3 views

Russia Is Cracking Down on End-to-End Encrypted Calls

Plus: ICE agents accidentally add a random person to a sensitive group chat, Norwegian intelligence blames the Kremlin for hacking a dam, and new facial recognition vans roam the UK...

AI score 7.2
Exploits 0
OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-34963 Malicious code in test-mlw2-blame-witan (npm)

The package test-mlw2-blame-witan was found to contain malicious code...

AI score 7.2
Exploits 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in test-mlw2-blame-witan (npm)

The package test-mlw2-blame-witan was found to contain malicious code...

AI score 7
Exploits 0
Trend Micro Simply Security
added 2025/06/09 12:0 a.m. | 2 views

Keeping Pace and Embracing Emerging Technologies

Trend Micro and the NEOM McLaren Formula E Team stay ahead of the curve by embracing new technologies, fostering a no-blame culture, and making split-second decisions in high-stakes environments...

AI score 7.3
Exploits 0
RedhatCVE
added 2025/05/23 5:39 a.m. | 1 views

CVE-2023-26143

Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...

CVSS 9.1 | AI score 7.2 | EPSS 0.00063
Exploits 1 | References 1
Wired Threat Level
added 2025/05/03 10:30 a.m. | 9 views

Hacking Spree Hits UK Retail Giants

Plus: France blames Russia for a series of cyberattacks, the US is taking steps to crack down on a gray market allegedly used by scammers, and Microsoft pushes the password one step closer to death...

AI score 7.4
Exploits 0
Malwarebytes
added 2024/01/08 7:59 a.m. | 12 views

A week in security (January 1 – January 7)

Last week on Malwarebytes Labs: Police investigate sexual assault on an avatar; How AI hallucinations are making bug hunting harder; Explained: SMTP smuggling; Facebook introduces another way to track you – Link History; 23andMe blames "negligent" breach victims, says it’s their own fault; Microsoft...

AI score 7.4
Exploits 0
CNNVD
added 2023/09/19 12:0 a.m. | 1 views

Blamer Parameter Injection Vulnerability

Blamer is a tool for obtaining code author information from a version control system. A security vulnerability exists in Blamer versions prior to 1.0.4, which stems from an arbitrary parameter injection vulnerability in the blameByFile API...

CVSS 9.1 | AI score 7.3 | EPSS 0.00063
Exploits 1 | References 4
Positive Technologies
added 2023/09/18 12:0 a.m. | 1 views

PT-2023-20521 · Blamer · Blamer

Name of the Vulnerable Software and Affected Versions: blamer versions prior to 1.0.4 Description: The issue is related to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path, nor does it properly pass command-line fla...

CVSS 9.1 | AI score 9.2 | EPSS 0.00063
Exploits 1 | References 10
SUSE CVE
added 2023/02/15 6:20 a.m. | 1 views

SUSE CVE-2004-0749

The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames...

CVSS 5 | AI score 7.1 | EPSS 0.00619
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 5:55 a.m. | 1 views

SUSE CVE-2010-4644

Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command...

CVSS 3.5 | AI score 6.7 | EPSS 0.01955
Exploits 1 | References 4
SUSE CVE
added 2023/02/15 5:29 a.m. | 1 views

SUSE CVE-2014-2913

Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the...

CVSS 7.5 | AI score 7.8 | EPSS 0.1857
Exploits 6 | References 5
SUSE CVE
added 2023/02/15 4:12 a.m. | 1 views

SUSE CVE-2019-11556

Pagure before 5.6 allows XSS via the templates/blame.html blame view...

CVSS 6.1 | AI score 5.9 | EPSS 0.00587
Exploits 0 | References 5
vulnersOsv
added 2022/08/03 12:0 a.m. | 1 views

console-blame (>=1.0.0 <=1.1.1), grunt-lintblame (>=0.1.0 <=0.3.5) +2 more potentially affected by CVE-2020-28434 via gitblame (>=0.1.0 <=0.1.1)

gitblame NPM version =0.1.0, =1.0.0, =0.1.0, =0.2.5, =0.9.5 - tch-lint-jshint =0.0.1 Source cves: CVE-2020-28434 Source advisory: OSV:GHSA-3486-RVXC-HRRJ...

CVSS 9.8 | AI score 7.2 | EPSS 0.00513
Exploits 1
OSV
added 2021/11/10 10:9 p.m. | 0 views

USN-5138-1 python-py vulnerability

The py.path.svnwc component of py (aka python-py) through v1.9.0 contains a regular expression with an ambiguous subpattern that is susceptible to catastrophic backtracking. This could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame...

CVSS 7.5 | AI score 6.8 | EPSS 0.00781
Exploits 0 | References 2
OSV
added 2021/05/07 5:35 a.m. | 5 views

MGASA-2021-0206 Updated pagure packages fix a security vulnerability

Pagure before 5.6 allows XSS via the templates/blame.html blame view...

CVSS 6.1 | AI score 6 | EPSS 0.00587
Exploits 0 | References 4
Mageia
added 2021/05/07 5:35 a.m. | 28 views

Updated pagure packages fix a security vulnerability

Pagure before 5.6 allows XSS via the templates/blame.html blame view...

CVSS 6.1 | AI score 3.2 | EPSS 0.00587
Exploits 0 | References 3