12 matches found
EUVD-2022-4164
Malicious code in bioql PyPI...
GHSA-M5M3-46GJ-WCH8 SIF's Digital Signature Hash Algorithms Not Validated
Impact: The github.com/sylabs/sif/v2/pkg/integrity package does not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. Patches: A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. The patch is commit...
GHSA-HHR2-F668-FF2W Use of a weak cryptographic algorithm in Gradle
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900...
CVE-2019-16370
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900...
CVE-2019-16370
CVE-2019-16370 affects the PGP signing plugin for Gradle up to version 6.0. The root cause is reliance on SHA-1, enabling an attacker to replace an artifact with another having the same SHA-1 digest. This could permit spoofing/tampering of artifacts. Remediation: upgrade Gradle to 6.0 or later (...
openSUSE Security Update : subversion (openSUSE-2017-940)
This update for subversion to 1.9.7 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-9800: A remote attacker could have caused svn clients to execute arbitrary code via specially crafted URLs in svn:externals and svn:sync-from-url properties. boo1051362 -...
Security update for subversion (important)
This update for subversion to 1.9.7 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-9800: A remote attacker could have caused svn clients to execute arbitrary code via specially crafted URLs in svn:externals and svn:sync-from-url properties. boo1051362 -...
openSUSE: Security Advisory for subversion (openSUSE-SU-2017:2183-1)
The remote host is missing an update for the...
Collision Attack
Apache Hive is vulnerable to collision attacks. The vulnerability is possible because it uses the weak hashing algorithm, SHA-1, in src/java/org/apache/hive/service/CookieSigner.java and src/java/org/apache/hadoop/hive/ql/udf/generic/GenericUDFMaskHash.java allowing the attackers to easily perfor...
CVE-2005-4900
The CVE-2005-4900 entry notes that SHA-1 is not collision resistant, enabling context-dependent spoofing attacks, with examples related to TLS 1.2. The provided materials do not specify affected products, versions, root causes within a specific product, or remediations. The entry serves as a gene...