EUVD-2022-25992
Malicious code in bioql PyPI...
PT-2025-25762 · Unknown · Conda-Smithy
Name of the Vulnerable Software and Affected Versions: conda-smithy versions prior to 3.47.1 Description: The issue results from the use of an outdated and insecure padding scheme during RSA encryption in the travis encrypt binstar token implementation. A malicious actor with access to an oracle...
CVE-2024-42347 URL preview setting for a room is controllable by the homeserver in matrix-react-sdk
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...
OPENSUSE-SU-2020:1016-1 Security update for mumble
This update for mumble fixes the following issues: mumble was updated to 1.3.2: client: Fixed overlay not starting. Update to upstream version 1.3.1 - Security: Fixed: Potential exploit in the OCB2 encryption 4227 boo1174041 - ICE: Fixed: Added missing UserKDFIterations field to UserInfo = Prevents...
FiSH-irssi 0.99 Buffer Overflow
FiSH IRC encryption evil ircd PoC exploit. Abuses CVE-2007-1397. Bad ircd, nasty bnc provider, nicknames over 100 char -- ruin. Runs arbitrary code which in this case shuts down irssi. Tested on my own compiled FiSH with irssi/fedora/x86. There are a lot more problems like this one, you shoul...
Certain implementations of SSH1 may reveal internal cryptologic state
Overview: An implementation problem in at least one Secure Shell (SSH) product and a weakness in the PKCS#1 1.5 public key encryption standard allows attackers to recover plaintext of messages encrypted with SSH. Description: A weakness in some SSH products using the SSH1 protocol may allow an attacker...