Lucene search
+L

213 matches found

Fedora
Fedora
added 2025/11/03 1:2 a.m.9 views

[SECURITY] Fedora 41 Update: rust-attribute-derive-macro-0.10.5-1.fc41

Clap for proc macro attributes...

8.1CVSS7AI score0.00677EPSS
Exploits1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-0554

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01191EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-0715

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01053EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-29184

Malicious code in bioql PyPI...

7.8CVSS7.3AI score0.00333EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-30887

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.0085EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2025/09/24 6:57 p.m.15 views

@capriza/far (>=0.1.2 <=2.4.2), @cobalt-engine/cobower (=2.0.0) +388 more potentially affected by CVE-2025-59343 via tar-fs (>=0.1.8 <=1.16.3)

tar-fs NPM version =0.1.8, =0.1.2, =6.0.3, =6.0.3, =6.0.3, =2.1.1, =0.10.2, =0.0.0-beta.1, =0.0.0-beta.1, =0.0.0-beta.1, =0.1.0, =0.1.0, =1.0.5, =1.1.2 - @elm-node/npm-scripts =1.0.0 - @hlsrules-test/fc-libreoffice =1.0.0 and more Source cves: CVE-2025-59343 Source advisory: OSV:GHSA-VJ76-C3G6-QR...

8.7CVSS6AI score0.00516EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/09/07 12:0 p.m.5 views

RagatagSorter (>=3.2.0 <=3.2.1), aa2nucaln (=0.1.1) +418 more potentially affected by unknown CVE via custom_derive (=0.1.7)

customderive CARGO version =0.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on customderive and may be impacted: - RagatagSorter =3.2.0, =0.9.0, =0.4.0, =0.1.1, =0.2.0, =0.4.3, =0.1.0, =0.1.0, =0.1.0-alpha.1, =0.1.0, =3.1.3, =3.10.0 and more Source...

5.8AI score
Exploits0
OSV
OSV
added 2025/09/07 12:0 p.m.8 views

RUSTSEC-2025-0058 custom_derive crate is unmaintained

The customderive crate is no longer actively maintained. If you rely on this crate, consider switching to a maintained alternative. Recommended alternatives - strum - macro-attr...

6.9AI score
Exploits0References3
RustSec
RustSec
added 2025/09/07 12:0 p.m.10 views

custom_derive crate is unmaintained

The customderive crate is no longer actively maintained. If you rely on this crate, consider switching to a maintained alternative. Recommended alternatives - strum - macro-attr...

6.9AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/07/11 7:0 a.m.9 views

The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.

...

7.5CVSS7.3AI score0.00763EPSS
Exploits0
AlmaLinux
AlmaLinux
added 2025/06/03 12:0 a.m.11 views

Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 For more details about the security issues, including the impact, a CVSS...

7.5CVSS7.7AI score0.00763EPSS
Exploits0References4
OSV
OSV
added 2025/05/19 2:15 a.m.1 views

DEBIAN-CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5CVSS7.8AI score0.00763EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/04/23 2:5 p.m.8 views

@conglomerate/weaver (>=2.1.1 <=2.6.1), @derivative/derive (>=0.1.0 <=0.1.1) +2 more potentially affected by CVE-2024-47829 via pnpm (>=0.21.0 <=0.60.3)

pnpm NPM version =0.21.0, =2.1.1, =0.1.0, =2.3.0, =0.1.0, =0.3.0 Source cves: CVE-2024-47829 Source advisory: OSV:GHSA-8CC4-RFJ6-FHG4...

6.5CVSS6.5AI score0.00204EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/02 6:53 a.m.4 views

Malicious code in @hongfangze/derive (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 26e43acbc8a628be253e93356cf6e0c1d304680b286519fdf143088ae0136e44 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/03/27 6:31 p.m.7 views

@capriza/far (>=0.1.2 <=2.4.2), @cobalt-engine/cobower (=2.0.0) +388 more potentially affected by CVE-2024-12905 via tar-fs (>=0.1.8 <=1.16.3)

tar-fs NPM version =0.1.8, =0.1.2, =6.0.3, =6.0.3, =6.0.3, =2.1.1, =0.10.2, =0.0.0-beta.1, =0.0.0-beta.1, =0.0.0-beta.1, =0.1.0, =0.1.0, =1.0.5, =1.1.2 - @elm-node/npm-scripts =1.0.0 - @hlsrules-test/fc-libreoffice =1.0.0 and more Source cves: CVE-2024-12905 Source advisory: OSV:GHSA-PQ67-2WWV-3X...

7.5CVSS6.6AI score0.02186EPSS
Exploits2
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.4 views

Astra Linux – Vulnerability in Firefox

The NSCDeriveKey function inadvertently assumed that the phKey parameter was always non-NULL. When the parameter was passed as NULL, a segmentation fault occurred, resulting in crashes. This behavior conflicts with the PKCS11 v3.0 specification, which allows phKey to be NULL for certain mechanism...

9.1CVSS6.5AI score0.00659EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/01/06 12:0 a.m.7 views

The vulnerability of the NSC_DeriveKey function in the Mozilla Firefox browser and the Thunderbird email client allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the NSCDeriveKey function in the Mozilla Firefox browser and the Thunderbird email client is related to an error in pointer manipulation when processing the phKey parameter. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, a...

9.4CVSS6.6AI score0.00659EPSS
Exploits0References13Affected Software3
SUSE CVE
SUSE CVE
added 2024/11/27 4:4 a.m.4 views

SUSE CVE-2024-11705

NSCDeriveKey inadvertently assumed that the phKey parameter is always non-NULL. When it was passed as NULL, a segmentation fault SEGV occurred, leading to crashes. This behavior conflicted with the PKCS11 v3.0 specification, which allows phKey to be NULL for certain mechanisms. This vulnerability...

5.3CVSS8.3AI score0.00659EPSS
Exploits0References4
OSV
OSV
added 2024/11/26 2:15 p.m.8 views

CVE-2024-11705

NSCDeriveKey inadvertently assumed that the phKey parameter is always non-NULL. When it was passed as NULL, a segmentation fault SEGV occurred, leading to crashes. This behavior conflicted with the PKCS11 v3.0 specification, which allows phKey to be NULL for certain mechanisms. This vulnerability...

9.1CVSS5.7AI score0.00659EPSS
Exploits0References3
OSV
OSV
added 2024/11/26 2:15 p.m.2 views

UBUNTU-CVE-2024-11705

NSCDeriveKey inadvertently assumed that the phKey parameter is always non-NULL. When it was passed as NULL, a segmentation fault SEGV occurred, leading to crashes. This behavior conflicted with the PKCS11 v3.0 specification, which allows phKey to be NULL for certain mechanisms. This vulnerability...

9.1CVSS5.8AI score0.00659EPSS
Exploits0References7
Rows per page
Query Builder