Lucene search
K

81 matches found

OSV
OSV
added 2025/05/21 4:43 a.m.3 views

MAL-2025-4093 Malicious code in keypair-utilsee (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f2a2d11e5c7234bf618c7909f22af17e0fd3787ec6e461114dfaca49fd2ef108 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/14 1:28 p.m.3 views

Malicious code in keypair-encrypt (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2dba96628edf26ee562bf2ef714531b6dbcd101c8a997a95d3fa94673be4754c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/05/14 1:28 p.m.3 views

MAL-2025-3791 Malicious code in keypair-encrypt (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2dba96628edf26ee562bf2ef714531b6dbcd101c8a997a95d3fa94673be4754c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/24 3:22 p.m.3 views

Malicious code in keypair-encryptor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c02f1145632762977fc8763c9f6ee3f5c9272b45196357654217a1bc1ce13bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/04/24 3:22 p.m.5 views

MAL-2025-3297 Malicious code in keypair-encryptor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c02f1145632762977fc8763c9f6ee3f5c9272b45196357654217a1bc1ce13bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/01 1:35 p.m.3 views

Malicious code in keypair-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 568ba985579400ab47e546c13e36f6e7d3ff6e81d4411918b10eee2f384b349c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/04/01 1:35 p.m.2 views

MAL-2025-3027 Malicious code in keypair-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 568ba985579400ab47e546c13e36f6e7d3ff6e81d4411918b10eee2f384b349c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/20 1:19 p.m.3 views

Malicious code in keypair-encryption (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1265d869c665e7bb42b4827bc9f51ad572b2ce181edebfc84eeb5698e0e39048 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/03/20 1:19 p.m.2 views

MAL-2025-2573 Malicious code in keypair-encryption (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1265d869c665e7bb42b4827bc9f51ad572b2ce181edebfc84eeb5698e0e39048 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:52 p.m.14 views

CVE-2022-29186

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the idrsa.pub public key of the keypair was copied to authorizedkeys files on remote host, those hosts...

9.8CVSS7AI score0.01101EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/10 7:41 a.m.4 views

Malicious code in keypair-layout-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14dcde51dd210ea29065e53961174252e1e089b897e7470b76239c5b45799eff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/12/10 7:41 a.m.11 views

MAL-2024-11763 Malicious code in keypair-layout-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14dcde51dd210ea29065e53961174252e1e089b897e7470b76239c5b45799eff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/11/05 6:54 p.m.4 views

CVE-2024-51746 Use of incorrect Rekor entries during verification in gitsign

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. gitsign uses Rekor's search API to fetch entries that apply to a signature...

1.8CVSS4.4AI score0.00116EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/08/01 10:3 p.m.51 views

CVE-2024-41948 biscuit-java vulnerable to public key confusion in third party block

biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...

3CVSS0.00283EPSS
Exploits0References1
CVE
CVE
added 2024/08/01 10:3 p.m.72 views

CVE-2024-41948

The CVE affects biscuit-java, the Java implementation of Biscuit tokens used for microservices authentication/authorization. A vulnerability exists in the handling of ThirdPartyBlock requests: a malicious user can forge a ThirdPartyBlockRequest and alter the publicKeys field, allowing an attacker...

5CVSS3.9AI score0.00283EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/08/01 10:3 p.m.78 views

CVE-2024-41949

Biscuit-rust is affected by a public key confusion in third-party blocks. A forged ThirdPartyBlock request can trick a third-party authority into generating datalog that trusts the wrong keypair, enabling under-specified trust relationships. The issue is described across multiple sources (CVE-202...

6.4CVSS4AI score0.00237EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/31 12:0 a.m.9 views

PT-2024-29656

Name of the Vulnerable Software and Affected Versions biscuit-rust affected versions not specified Description The issue concerns biscuit-rust, the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. A third-party block request forged by a...

6.4CVSS6.5AI score0.00237EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2024/04/17 7:28 p.m.28 views

CVE-2024-26861

In the Linux kernel, the following vulnerability has been resolved: wireguard: receive: annotate data-race around receivingcounter.counter Syzkaller with KCSAN identified a data-race issue when accessing keypair-receivingcounter.counter. Use READONCE and WRITEONCE annotations to mark the data rac...

4.1CVSS6.9AI score0.00177EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/04/17 10:27 a.m.25 views

CVE-2024-26861 wireguard: receive: annotate data-race around receiving_counter.counter

In the Linux kernel, the following vulnerability has been resolved: wireguard: receive: annotate data-race around receivingcounter.counter Syzkaller with KCSAN identified a data-race issue when accessing keypair-receivingcounter.counter. Use READONCE and WRITEONCE annotations to mark the data rac...

7.8AI score0.00177EPSS
Exploits0References7
CVE
CVE
added 2024/04/17 10:27 a.m.6297 views

CVE-2024-26861

CVE-2024-26861 affects the Linux kernel wireguard receive path, where a data race around keypair->receiving_counter.counter was identified (READ_ONCE/WRITE_ONCE annotations used to mark the race as intentional). The race occurs between wg_packet_decrypt_worker and wg_packet_rx_poll, potentiall...

4.7CVSS6.3AI score0.00177EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder