81 matches found
MAL-2025-4093 Malicious code in keypair-utilsee (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f2a2d11e5c7234bf618c7909f22af17e0fd3787ec6e461114dfaca49fd2ef108 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in keypair-encrypt (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2dba96628edf26ee562bf2ef714531b6dbcd101c8a997a95d3fa94673be4754c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3791 Malicious code in keypair-encrypt (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2dba96628edf26ee562bf2ef714531b6dbcd101c8a997a95d3fa94673be4754c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in keypair-encryptor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c02f1145632762977fc8763c9f6ee3f5c9272b45196357654217a1bc1ce13bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3297 Malicious code in keypair-encryptor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c02f1145632762977fc8763c9f6ee3f5c9272b45196357654217a1bc1ce13bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in keypair-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 568ba985579400ab47e546c13e36f6e7d3ff6e81d4411918b10eee2f384b349c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3027 Malicious code in keypair-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 568ba985579400ab47e546c13e36f6e7d3ff6e81d4411918b10eee2f384b349c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in keypair-encryption (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1265d869c665e7bb42b4827bc9f51ad572b2ce181edebfc84eeb5698e0e39048 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2573 Malicious code in keypair-encryption (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1265d869c665e7bb42b4827bc9f51ad572b2ce181edebfc84eeb5698e0e39048 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-29186
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the idrsa.pub public key of the keypair was copied to authorizedkeys files on remote host, those hosts...
Malicious code in keypair-layout-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14dcde51dd210ea29065e53961174252e1e089b897e7470b76239c5b45799eff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11763 Malicious code in keypair-layout-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14dcde51dd210ea29065e53961174252e1e089b897e7470b76239c5b45799eff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-51746 Use of incorrect Rekor entries during verification in gitsign
Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. gitsign uses Rekor's search API to fetch entries that apply to a signature...
CVE-2024-41948 biscuit-java vulnerable to public key confusion in third party block
biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...
CVE-2024-41948
The CVE affects biscuit-java, the Java implementation of Biscuit tokens used for microservices authentication/authorization. A vulnerability exists in the handling of ThirdPartyBlock requests: a malicious user can forge a ThirdPartyBlockRequest and alter the publicKeys field, allowing an attacker...
CVE-2024-41949
Biscuit-rust is affected by a public key confusion in third-party blocks. A forged ThirdPartyBlock request can trick a third-party authority into generating datalog that trusts the wrong keypair, enabling under-specified trust relationships. The issue is described across multiple sources (CVE-202...
PT-2024-29656
Name of the Vulnerable Software and Affected Versions biscuit-rust affected versions not specified Description The issue concerns biscuit-rust, the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. A third-party block request forged by a...
CVE-2024-26861
In the Linux kernel, the following vulnerability has been resolved: wireguard: receive: annotate data-race around receivingcounter.counter Syzkaller with KCSAN identified a data-race issue when accessing keypair-receivingcounter.counter. Use READONCE and WRITEONCE annotations to mark the data rac...
CVE-2024-26861 wireguard: receive: annotate data-race around receiving_counter.counter
In the Linux kernel, the following vulnerability has been resolved: wireguard: receive: annotate data-race around receivingcounter.counter Syzkaller with KCSAN identified a data-race issue when accessing keypair-receivingcounter.counter. Use READONCE and WRITEONCE annotations to mark the data rac...
CVE-2024-26861
CVE-2024-26861 affects the Linux kernel wireguard receive path, where a data race around keypair->receiving_counter.counter was identified (READ_ONCE/WRITE_ONCE annotations used to mark the race as intentional). The race occurs between wg_packet_decrypt_worker and wg_packet_rx_poll, potentiall...