17 matches found
PyFEX: Uncovering Evasive Python-Based Threats Via Resilient and Exhaustive Path Exploration
The rapid expansion of the Python ecosystem has fueled two distinct but converging threats: adversaries increasingly target the software supply chain via the Python Package Index (PyPI), while also building evasive, cross-platform malicious binaries compiled from source code written in Python...
EUVD-2017-18328
Malware in sbrugna...
EUVD-2022-29294
Malicious code in bioql PyPI...
HAX Code Issue Vulnerability
HAX is a HAX+CMS open source microsite managed using a PHP backend by HAX The Web. A code issue vulnerability exists in HAX that stems from using a non-exhaustive blacklist to block only some file types, causing the system to fail open instead of closed...
CVE-2022-24402
The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks...
CVE-2022-24402
The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks...
CVE-2022-26943
The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited...
CVE-2022-24402
The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks...
Design/Logic Flaw
The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks...
CVE-2022-24402 Intentionally weakened effective strength in TETRA TEA1
The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks...
PT-2023-12750 · Unknown · Tetra Tea1
Name of the Vulnerable Software and Affected Versions: TETRA TEA1 affected versions not specified Description: The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which...
Malicious code in funiquerandobmaoray (npm)
Source: ghsa-malware bf9345a9b3f654180874e0e72b6bac95c2d16a9e583925005ea943a5390cad78 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE: Security Advisory (SUSE-SU-2018:2632-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2018:2632-2)
The remote host is missing an update for the...
CVE-2017-9393
CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search...
CVE-2017-9393
CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search...
Cloudera Manager User Enumeration Vulnerability
Cloudera Manager is a set of Hadoop data management software from Cloudera, USA. The software supports the creation of clusters, authentication, data backup and recovery and so on. A user enumeration vulnerability exists in Cloudera Manager. An attacker can exploit the vulnerability to obtain val...