[SECURITY] Fedora 44 Update: opkssh-0.13.0-8.fc44
OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect allowing SSH access to be managed via identities like alice@example.com instead of long-lived SSH keys...
GHSA-4V42-65R3-3GJX Amazon S3 Encryption Client for .NET has a Key Commitment Issue
Summary S3 Encryption Client for .NET S3EC is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key EDK is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible...
EUVD-2020-22293
Malware in sbrugna...
EUVD-2011-2176
Malware in sbrugna...
EUVD-2024-45562
Malicious code in bioql PyPI...
Security Bulletin: UC Deploy Container images may contain non-unique https certificates and database encryption key. (CVE-2021-39082 )
Summary CVE-2021-39082 The provided UC Deploy Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages. Vulnerability Details...
CVE-2020-2500
This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and...
MAL-2022-41 Malicious code in 6jestlr (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8502727faa86fcf1f0e21fabb5be58cb389a0bc6f108397bb8942a91584121f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
How to Combat the Biggest Security Risks Posed by Machine Identities
The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber...
Nextcloud Server server-side encryption key underprotection vulnerability (CNVD-2020-66860)
Nextcloud is a set of client-server software for creating file hosting services and using them. A server-side insufficient encryption key protection vulnerability exists in Nextcloud Server 19.0.1. An attacker can exploit the vulnerability to replace the public key and decrypt the encryption key...
PT-2020-19987 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 19.0.1 Description: The issue is related to insufficient protection of server-side encryption keys, allowing an attacker to replace the public key and potentially decrypt them later. This could lead to an elevation of...
Code injection
MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the...
Security advisory YSA-2019-02 | Yubico
Who should read this advisory? Customers, IT Managers, or FIPS Crypto Officers who use or manage YubiKey FIPS Series devices. An issue exists in YubiKey FIPS Series devices, versions 4.4.2 and 4.4.4 (please note, there is no released firmware version 4.4.3), where the first set of random values...
password-store -- GPG parsing vulnerabilities
Jason A. Donenfeld reports: Markus Brinkmann discovered that the parsing of gpg command line output with regexes isn't anchored to the beginning of the line, which means an attacker can generate a malicious key that simply has the verification string as part of its username. This has a number of...
Advisory: PGP 7.0 signature verification vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Product: Pretty Good Privacy Severity: Medium to high Impact: Users with write access to signed exported key blocks may replace them with arbitrary keys without any warning being issued upon import of those keys Local: Yes Remote: No though...
Problems with eToken
Given physical access to the device, it is possible to replace the PIN/access key by reflashing the EPROM...