12 matches found

EUVD
added 2025/10/03 8:7 p.m. | 19 views

EUVD-2022-4164

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.2 | EPSS 0.01025
Exploits 1 | References 5

OSV
added 2022/10/06 7:54 p.m. | 38 views

GHSA-M5M3-46GJ-WCH8 SIF's Digital Signature Hash Algorithms Not Validated

Impact: The github.com/sylabs/sif/v2/pkg/integrity package does not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. Patches: A patch is available in version = v2.8.1 of the module. Users are encouraged to upgrade. The patch is commit...

CVSS 6.3 | AI score 7.5 | EPSS 0.09854
Exploits 0 | References 9

GitHub Security Blog
added 2022/10/06 7:54 p.m. | 54 views

SIF's Digital Signature Hash Algorithms Not Validated

Impact: The github.com/sylabs/sif/v2/pkg/integrity package does not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. Patches: A patch is available in version = v2.8.1 of the module. Users are encouraged to upgrade. The patch is commit...

CVSS 9.8 | AI score 7.6 | EPSS 0.00477
Exploits 0 | References 9 | Affected Software 1

OSV
added 2022/05/24 4:56 p.m. | 29 views

GHSA-HHR2-F668-FF2W Use of a weak cryptographic algorithm in Gradle

The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900...

CVSS 5.9 | AI score 5.8 | EPSS 0.01025
Exploits 1 | References 3

GitHub Security Blog
added 2022/05/24 4:56 p.m. | 36 views

Use of a weak cryptographic algorithm in Gradle

The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900...

CVSS 5.9 | AI score 3 | EPSS 0.01025
Exploits 1 | References 4 | Affected Software 1

RedhatCVE
added 2019/10/07 6:36 a.m. | 70 views

CVE-2019-16370

The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900...

CVSS 5.9 | AI score 3.1 | EPSS 0.01025
Exploits 1 | References 3

CVE
added 2019/09/16 5:50 p.m. | 174 views

CVE-2019-16370

CVE-2019-16370 affects the PGP signing plugin for Gradle up to version 6.0. The root cause is reliance on SHA-1, enabling an attacker to replace an artifact with another having the same SHA-1 digest. This could permit spoofing/tampering of artifacts. Remediation: upgrade Gradle to 6.0 or later (...

CVSS 5.9 | AI score 5.8 | EPSS 0.01025
Exploits 1 | References 2 | Affected Software 1

Tenable Nessus
added 2017/08/18 12:0 a.m. | 25 views

openSUSE Security Update : subversion (openSUSE-2017-940)

This update for subversion to 1.9.7 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-9800: A remote attacker could have caused svn clients to execute arbitrary code via specially crafted URLs in svn:externals and svn:sync-from-url properties. boo1051362 -...

CVSS 9.8 | AI score 7.7 | EPSS 0.18892
Exploits 3 | References 5

OPENSUSE Linux
added 2017/08/17 12:9 a.m. | 79 views

Security update for subversion (important)

This update for subversion to 1.9.7 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-9800: A remote attacker could have caused svn clients to execute arbitrary code via specially crafted URLs in svn:externals and svn:sync-from-url properties. boo1051362 -...

CVSS 4.3 | AI score 5.5 | EPSS 0.18892
Exploits 3 | References 3

OpenVAS
added 2017/08/17 12:0 a.m. | 28 views

openSUSE: Security Advisory for subversion (openSUSE-SU-2017:2183-1)

The remote host is missing an update for the Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 8.3 | EPSS 0.18892
Exploits 3 | References 1

Veracode
added 2017/08/14 4:39 a.m. | 32 views

Collision Attack

Apache Hive is vulnerable to collision attacks. The vulnerability is possible because it uses the weak hashing algorithm, SHA-1, in src/java/org/apache/hive/service/CookieSigner.java and src/java/org/apache/hadoop/hive/ql/udf/generic/GenericUDFMaskHash.java allowing the attackers to easily perfor...

CVSS 5.9 | AI score 5.9 | EPSS 0.00938
Exploits 0

CVE
added 2016/10/14 4:0 p.m. | 286 views

CVE-2005-4900

The CVE-2005-4900 entry notes that SHA-1 is not collision resistant, enabling context-dependent spoofing attacks, with examples related to TLS 1.2. The provided materials do not specify affected products, versions, root causes within a specific product, or remediations. The entry serves as a gene...

CVSS 5.9 | AI score 5.7 | EPSS 0.00938
Exploits 0 | References 11 | Affected Software 1