25 matches found
EUVD-2024-2807
Malicious code in bioql PyPI...
EUVD-2025-12373
Malicious code in bioql PyPI...
PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks
The maintainers of the Python Package Index PyPI repository have announced that the package manager now checks for expired domains to prevent supply chain attacks. "These changes improve PyPI's overall account security posture, making it harder for attackers to exploit expired domain names to gai...
CVE-2025-2517
Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager...
CVE-2025-2517
Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager...
CVE-2025-2517
Technical details about CVE-2025-2517 are not publicly available in the provided documents. Monitoring for updates from vendors and security feeds is advised.
CVE-2025-2517 Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager
Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager...
CVE-2025-2517 Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager
Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager...
PT-2025-17437 · Opentext · Opentext Arcsight Enterprise Security Manager
Name of the Vulnerable Software and Affected Versions: OpenText ArcSight Enterprise Security Manager affected versions not specified Description: The issue concerns a Reference to Expired Domain Vulnerability. There is no information provided about the estimated number of potentially affected...
OpenText ArcSight Enterprise Security Manager 安全漏洞
OpenText ArcSight Enterprise Security Manager is a powerful and adaptable SIEM from OpenText Canada that provides comprehensive data collection and real-time threat analysis. A security vulnerability exists in OpenText ArcSight Enterprise Security Manager that stems from referencing an expired...
CVE-2024-22030
A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle MITM attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The...
CVE-2024-22030 Rancher agents can be hijacked by taking over the Rancher Server URL
A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle MITM attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The...
CVE-2024-22030 Rancher agents can be hijacked by taking over the Rancher Server URL
A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle MITM attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The...
PT-2024-19165 · Rke2 +2 · Rke2 +2
Name of the Vulnerable Software and Affected Versions: Rancher versions 2.7.0 through 2.7.14 Rancher versions 2.8.0 through 2.8.7 Rancher versions 2.9.0 through 2.9.1 Description: A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a...
SUSE CVE-2024-22030
A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle MITM attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The...
Researchers Hijack Popular NPM Package with Millions of Downloads
A popular npm package with more than 3.5 million weekly downloads has been found vulnerable to an account takeover attack. "The package can be taken over by recovering an expired domain name for one of its maintainers and resetting the password," software supply chain security company Illustria...
Researchers Hijack Popular NPM Package with Millions of Downloads
A popular npm package with more than 3.5 million weekly downloads has been found vulnerable to an account takeover attack. "The package can be taken over by recovering an expired domain name for one of its maintainers and resetting the password," software supply chain security company Illustria...
Design/Logic Flaw
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...
Popular PyPI Package 'ctx' and PHP Library 'phpass' Hijacked to Steal AWS Keys
Two trojanized Python and PHP packages have been uncovered in what's yet another instance of a software supply chain attack targeting the open source ecosystem. One of the packages in question is "ctx," a Python module available in the PyPi repository. The other involves "phpass," a PHP package...
CVE-2019-0227: Expired Domain to Remote Code Execution in Apache Axis
The post CVE-2019-0227: Expired Domain to Remote Code Execution in Apache Axis appeared first on Rhino Security Labs...