213 matches found
[SECURITY] Fedora 41 Update: rust-attribute-derive-macro-0.10.5-1.fc41
Clap for proc macro attributes...
EUVD-2022-0554
Malicious code in bioql PyPI...
EUVD-2022-0715
Malicious code in bioql PyPI...
EUVD-2023-29184
Malicious code in bioql PyPI...
EUVD-2023-30887
Malicious code in bioql PyPI...
@capriza/far (>=0.1.2 <=2.4.2), @cobalt-engine/cobower (=2.0.0) +388 more potentially affected by CVE-2025-59343 via tar-fs (>=0.1.8 <=1.16.3)
tar-fs NPM version =0.1.8, =0.1.2, =6.0.3, =6.0.3, =6.0.3, =2.1.1, =0.10.2, =0.0.0-beta.1, =0.0.0-beta.1, =0.0.0-beta.1, =0.1.0, =0.1.0, =1.0.5, =1.1.2 - @elm-node/npm-scripts =1.0.0 - @hlsrules-test/fc-libreoffice =1.0.0 and more Source cves: CVE-2025-59343 Source advisory: OSV:GHSA-VJ76-C3G6-QR...
RagatagSorter (>=3.2.0 <=3.2.1), aa2nucaln (=0.1.1) +418 more potentially affected by unknown CVE via custom_derive (=0.1.7)
customderive CARGO version =0.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on customderive and may be impacted: - RagatagSorter =3.2.0, =0.9.0, =0.4.0, =0.1.1, =0.2.0, =0.4.3, =0.1.0, =0.1.0, =0.1.0-alpha.1, =0.1.0, =3.1.3, =3.10.0 and more Source...
RUSTSEC-2025-0058 custom_derive crate is unmaintained
The customderive crate is no longer actively maintained. If you rely on this crate, consider switching to a maintained alternative. Recommended alternatives - strum - macro-attr...
custom_derive crate is unmaintained
The customderive crate is no longer actively maintained. If you rely on this crate, consider switching to a maintained alternative. Recommended alternatives - strum - macro-attr...
The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.
...
Important: nodejs:22 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 For more details about the security issues, including the impact, a CVSS...
DEBIAN-CVE-2025-23166
The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...
@conglomerate/weaver (>=2.1.1 <=2.6.1), @derivative/derive (>=0.1.0 <=0.1.1) +2 more potentially affected by CVE-2024-47829 via pnpm (>=0.21.0 <=0.60.3)
pnpm NPM version =0.21.0, =2.1.1, =0.1.0, =2.3.0, =0.1.0, =0.3.0 Source cves: CVE-2024-47829 Source advisory: OSV:GHSA-8CC4-RFJ6-FHG4...
Malicious code in @hongfangze/derive (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 26e43acbc8a628be253e93356cf6e0c1d304680b286519fdf143088ae0136e44 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@capriza/far (>=0.1.2 <=2.4.2), @cobalt-engine/cobower (=2.0.0) +388 more potentially affected by CVE-2024-12905 via tar-fs (>=0.1.8 <=1.16.3)
tar-fs NPM version =0.1.8, =0.1.2, =6.0.3, =6.0.3, =6.0.3, =2.1.1, =0.10.2, =0.0.0-beta.1, =0.0.0-beta.1, =0.0.0-beta.1, =0.1.0, =0.1.0, =1.0.5, =1.1.2 - @elm-node/npm-scripts =1.0.0 - @hlsrules-test/fc-libreoffice =1.0.0 and more Source cves: CVE-2024-12905 Source advisory: OSV:GHSA-PQ67-2WWV-3X...
Astra Linux – Vulnerability in Firefox
The NSCDeriveKey function inadvertently assumed that the phKey parameter was always non-NULL. When the parameter was passed as NULL, a segmentation fault occurred, resulting in crashes. This behavior conflicts with the PKCS11 v3.0 specification, which allows phKey to be NULL for certain mechanism...
The vulnerability of the NSC_DeriveKey function in the Mozilla Firefox browser and the Thunderbird email client allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the NSCDeriveKey function in the Mozilla Firefox browser and the Thunderbird email client is related to an error in pointer manipulation when processing the phKey parameter. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, a...
SUSE CVE-2024-11705
NSCDeriveKey inadvertently assumed that the phKey parameter is always non-NULL. When it was passed as NULL, a segmentation fault SEGV occurred, leading to crashes. This behavior conflicted with the PKCS11 v3.0 specification, which allows phKey to be NULL for certain mechanisms. This vulnerability...
CVE-2024-11705
NSCDeriveKey inadvertently assumed that the phKey parameter is always non-NULL. When it was passed as NULL, a segmentation fault SEGV occurred, leading to crashes. This behavior conflicted with the PKCS11 v3.0 specification, which allows phKey to be NULL for certain mechanisms. This vulnerability...
UBUNTU-CVE-2024-11705
NSCDeriveKey inadvertently assumed that the phKey parameter is always non-NULL. When it was passed as NULL, a segmentation fault SEGV occurred, leading to crashes. This behavior conflicted with the PKCS11 v3.0 specification, which allows phKey to be NULL for certain mechanisms. This vulnerability...