10 matches found
Malicious code in harness-skil (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e03ab8467953cd2233e07e792a33c7df7be2c99c66da3b814538a169337b93e6 The package's install.js wired to an npm install lifecycle hook requires childprocess, fs, and https, then issues an https.get to a...
Malicious code in claude-content-writer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b38e69b148dc7998c9ab02fb5b6c2a90413a88129cf7db96b1c900e9c830f719 On npm install, the package's postinstall hook runs scripts/install-dependencies.sh, which performs git clone --depth 1...
MAL-2026-4524 Malicious code in claude-content-writer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b38e69b148dc7998c9ab02fb5b6c2a90413a88129cf7db96b1c900e9c830f719 On npm install, the package's postinstall hook runs scripts/install-dependencies.sh, which performs git clone --depth 1...
CVE-2025-53520 EG4 Electronics EG4 Inverters Download of Code Without Integrity Check
The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitoring Center remote, cloud-connected interface or via a serial connection, and can install these files without integrity checks. The TTComp archive format...
CVE-2025-32890
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message...
CVE-2025-32882
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message...
PT-2024-30298 · Gotenna · Gotenna Pro Atak Plugin
Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK Plugin affected versions not specified Description: The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable t...
Huawei HiSuite Man-in-the-Middle Attack Vulnerability
Huawei HiSuite is a set of cell phone assistant software for PC from Huawei, China. A security vulnerability exists in Huawei HiSuite version 4.0.5.300OVE due to the program using unencrypted HTTP to download upgrade packages and failing to check the integrity of the packages before installation...
AZL-41159 CVE-2013-1633 affecting package python-pip 24.2-6
easyinstall in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product...
PYSEC-2013-8
pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a "pip install" operation...