15 matches found

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-0103

Malware in sbrugna...

7.5 CVSS | 7.4 AI score | 0.01804 EPSS
Exploits: 0 | References: 9

Tenable Nessus
added 2025/03/20 12:0 a.m., 11 views

EulerOS 2.0 SP12 : git (EulerOS-SA-2025-1295)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full...

9.3 CVSS | 7.6 AI score | 0.10047 EPSS
Exploits: 2 | References: 3

NVD
added 2024/11/14 2:15 p.m., 14 views

CVE-2024-9633

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain,...

7.5 CVSS | 0.00437 EPSS
Exploits: 0 | References: 2

GithubExploit
added 2024/08/23 2:39 p.m., 1578 views

Exploit for Improper Encoding or Escaping of Output in Apache Http_Server

CVE-2024-38473 Nuclei Template...

8.1 CVSS | 7.7 AI score | 0.25878 EPSS
Exploits: 1

Snyk
added 2023/05/16 8:19 a.m., 1 views

Malicious Package

Overview @bluebooster/libs is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

9.8 CVSS | 7.1 AI score
Exploits: 0 | References: 3

Snyk
added 2023/03/28 8:19 a.m., 2 views

Malicious Package

Overview cirrus-matchmaker is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

9.8 CVSS | 7.1 AI score
Exploits: 0 | References: 3

Snyk
added 2023/03/14 8:19 a.m., 1 views

Malicious Package

Overview @testingsecurity/toxic-pkg-dont-use is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerab...

9.8 CVSS | 7.1 AI score
Exploits: 0 | References: 3

Snyk
added 2023/01/29 3:29 p.m., 0 views

Malicious Package

Overview yandex-global-state-controller is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...

9.8 CVSS | 7.1 AI score
Exploits: 0 | References: 3

Snyk
added 2022/10/01 8:12 a.m., 3 views

Malicious Package

Overview pages-functions-with-routes-app is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable i...

9.8 CVSS | 7.1 AI score
Exploits: 0 | References: 3

Snyk
added 2022/06/23 9:25 a.m., 2 views

Malicious Package

Overview git-dependency-maker is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8 CVSS | 7 AI score
Exploits: 0 | References: 3

Debian CVE
added 2021/06/24 1:17 p.m., 32 views

CVE-2021-29955

A transient execution vulnerability, named Floating Point Value Injection (FPVI), allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox. This vulnerability...

5.3 CVSS | 5.1 AI score | 0.01522 EPSS
Exploits: 0

OSV
added 2017/08/24 4:29 p.m., 18 views

CVE-2017-11424

In PyJWT 1.5.0 and below the invalid_strings check in HMACAlgorithm.prepare_key does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...

7.5 CVSS | 7.4 AI score
Exploits: 0 | References: 2

Veracode
added 2017/08/16 10:26 p.m., 26 views

Key Confusion Attacks

PyJWT is vulnerable to asymmetric/symmetric key confusion attacks. PKCS1 PEM keys that begin with -----BEGIN RSA PUBLIC KEY----- will not be rejected by the invalid_strings check in HMACAlgorithm.prepare_key. Using this flaw, attackers can cause symmetric/asymmetric confusion and create JWTs from...

7.5 CVSS | 7.2 AI score | 0.01804 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

ThreatPost
added 2016/11/16 4:42 p.m., 10 views

Mozilla Patches 29 Vulnerabilities, Prevents MIME Confusion Attacks, in Firefox 50

Mozilla addressed 29 vulnerabilities, three rated critical, when it released the latest iteration of its flagship browser, Firefox 50 and Firefox ESR 45.5, on Tuesday. Firefox developers said this week that it might take some effort, but at least two of the critical bugs could be exploited to run...

0.5 AI score
Exploits: 0 | References: 4

Tenable Nessus
added 2015/03/30 12:0 a.m., 25 views

Mandriva Linux Security Advisory : nginx (MDVSA-2015:094)

Updated nginx package fixes security vulnerabilities : A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution...

7.5 CVSS | 9.1 AI score | 0.09293 EPSS
Exploits: 1 | References: 4