
19 matches found

OSV
added 2026/05/19 7:7 p.m., 4 views

MAL-2026-4362 Malicious code in @arbocollab/arbo-web-people (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f007c3da95aa64e4c2ed5b51b736900ddc444499f2f678d749603fab516a0c3 The published tarball ships npmjs.npmrc containing a live npm-prefixed authToken for registry.npmjs.org scoped to @arbocollab. package.json declares...

5.9 AI score
Exploits 0, References 6
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-46405

Malicious code in bioql PyPI...

5.3 CVSS, 6.6 AI score, 0.0004 EPSS
Exploits 0, References 1
OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 3 views

Malicious code in test-deprecate-1 (npm)

The package test-deprecate-1 was found to contain malicious code...

7 AI score
Exploits 0
OSV
added 2025/08/14 6:52 p.m., 2 views

MAL-2025-34769 Malicious code in test-deprecate-1 (npm)

The package test-deprecate-1 was found to contain malicious code...

7.2 AI score
Exploits 0
Oracle linux
added 2023/04/04 12:0 a.m., 23 views

pesign security update

0.112-27.0.1 - Update Oracle Linux test certificates Orabug: 31928433 - Apply pesigcheck-Mark-the-imported-certificate-as-trusted.patch Orabug: 31928433 - update Oracle Linux certificates Alexey Petrenko - remove obsoletes of pesign-rh-test-certs Orabug 29222572 0.112-27 - Deprecate...

5.5 CVSS, 5.6 AI score, 0.00036 EPSS
Exploits 0
Oracle linux
added 2023/03/06 12:0 a.m., 31 views

pesign security update

115-6.0.1 - Update Oracle Linux test certificates Orabug: 31928433 115-6 - Fix chmod invocation - Resolves: CVE-2022-3560 115-5 - Deprecate pesign-authorize and drop ACL use - Resolves: CVE-2022-3560...

5.5 CVSS, 1.5 AI score, 0.00036 EPSS
Exploits 0
Github Security Blog
added 2022/05/24 5:5 p.m., 62 views

Pivotal Spring Framework contains unsafe Java deserialization methods

Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. Maintainers recommend...

9.8 CVSS, 9.9 AI score, 0.60417 EPSS
Exploits 4, References 17, Affected Software 1
NVD
added 2021/11/05 10:15 p.m., 11 views

CVE-2021-41208

TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...

8.8 CVSS, 0.00012 EPSS
Exploits 0, References 2
Fedora
added 2021/09/20 1:57 p.m., 16 views

[SECURITY] Fedora 34 Update: dovecot-fts-xapian-1.4.13-1.fc34

This project intends to provide a straightforward, simple and maintenance free, way to configure FTS plugin for Dovecot, leveraging the efforts by the Xapian.org team. This effort came after Dovecot team decided to deprecate "ftssquat" included in the dovecot core, and due to the complexity of th...

2.5 AI score
Exploits 0
Tenable Nessus
added 2017/08/11 12:0 a.m., 10 views

Fedora 25 : php-horde-Horde-Core (2017-b812362f61)

HordeCore 2.30.0 - jan SECURITY: Fix XSS vulnerability with pathinfo component in Horde::selfUrl. - jan Deprecate Horde::redirect. - jan Add Horde::signUrl and Horde::verifySignedUrl. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...

5.4 AI score
Exploits 0, References 1
ThreatPost
added 2016/09/27 2:51 p.m., 5 views

Mozilla Wants to Drop WoSign as Trusted CA

Mozilla has accused a Chinese Certificate Authority of back-dating SHA-1 certificates to get around restrictions barring deprecated certs from being trusted, and is ready to ban the CA for one year. The back-dating is just one of many violations derived after a lengthy investigation of WoSign and...

0.3 AI score
Exploits 0, References 5
ThreatPost
added 2016/01/28 12:43 p.m., 17 views

Oracle to Kill Java Plugin

It’s the end of an era. Oracle has announced its intent to nail the coffin shut on the Java browser plugin. The company confirmed Wednesday that it expects to deprecate the plugin in JDK 9, slated for release in September, and JRE, in a future Java SE release. Dalibor Topic, a member of Oracle’s...

1.2 AI score
Exploits 0, References 7
ThreatPost
added 2015/11/06 1:10 p.m., 8 views

Microsoft Considers Earlier SHA-1 Deprecation Deadline

Tech companies continue to back away from SHA-1 like it’s an infectious disease. Microsoft, which already had plans to deprecate the crusty cryptographic algorithm by the start of 2017, decided this week to move up that deadline six months. The company said it’s considering whether it will start...

0.6 AI score
Exploits 0, References 6
MSRC
added 2013/11/12 8:0 a.m., 10 views

Security Advisory 2868725: Recommendation to disable RC4

In light of recent research into practical attacks on biases in the RC4 stream cipher, Microsoft is recommending that customers enable TLS1.2 in their services and take steps to retire and deprecate RC4 as used in their TLS implementations. Microsoft recommends TLS1.2 with AES-GCM as a more secur...

6.8 AI score
Exploits 0
Tenable Nessus
added 2012/08/01 12:0 a.m., 45 views

Scientific Linux Security Update : openssl on SL5.x i386/x86_64

CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky); CVE-2009-4355 openssl significant memory leak in certain SSLv3 requests (DoS). It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init function after previous calls to the...

5.1 CVSS, 6.7 AI score, 0.20241 EPSS
Exploits 1, References 3
OpenVAS
added 2010/04/30 12:0 a.m., 39 views

Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 (java-1.6.0-openjdk)

Check for the Version of java-1.6.0-openjdk OpenVAS Vulnerability Test Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 java-1.6.0-openjdk Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

9.3 CVSS, 6.9 AI score, 0.92077 EPSS
Exploits 46, References 2
RedHat Linux
added 2009/12/11 1:42 p.m., 2 views

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

5.1 CVSS, 6.6 AI score, 0.02215 EPSS
Exploits 0, References 4
Tenable Nessus
added 2009/11/30 12:0 a.m., 38 views

openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)

New icedtea update to fix : - ICCProfile file existence detection information leak; CVE-2009-3728: CVSS v2 Base Score: 5.0 - BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS v2 Base Score: 5.0 - resurrected classloaders can still have children; CVE-2009-3881: CVSS v2 Base Score: 7.5 -...

9.3 CVSS, 6.8 AI score, 0.78477 EPSS
Exploits 13, References 17
RedHat Linux
added 2009/11/10 7:30 p.m., 4 views

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

5.1 CVSS, 6.6 AI score, 0.02215 EPSS
Exploits 0, References 4