Lucene search
K

8 matches found

OSV
OSV
added 2026/04/09 5:37 p.m.6 views

GHSA-3VVQ-Q2QC-7RMP OpenClaw B-M3: ClawHub package downloads are not enforced with integrity verification

Impact B-M3: ClawHub package downloads are not enforced with integrity verification. ClawHub downloads could install plugin archives without enforcing archive or per-file integrity metadata. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and doe...

7.1CVSS5.8AI score0.00139EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/07/21 8:29 a.m.3 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8CVSS7.2AI score0.01479EPSS
Exploits4References8
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.20 views

Kedro allows Remote Code Execution by Pulling Micro Packages

In kedro-org/kedro version 0.19.8, the pullpackage API function allows users to download and extract micro packages from the Internet. However, the function projectwheelmetadata within the code path can execute the setup.py file inside the tar file, leading to remote code execution RCE by running...

8.8CVSS8.1AI score0.00986EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2020/03/23 7:19 a.m.102 views

Man-in-the-Middle (MitM)

lix is vulnerable to man-in-the-middle attack. Package downloads are allowed via an insecure HTTP channel after following the Location header redirects. This allows for an attacker in a privileged network position to intercept and modify a package installation and redirect the download to a...

8.1CVSS2.6AI score0.01365EPSS
Exploits0References1Affected Software1
Node.js
Node.js
added 2019/11/06 3:59 p.m.21 views

Machine-In-The-Middle

Overview All versions of lix are vulnerable to Machine-In-The-Middle. The package accepts downloads with http and follows location header redirects for package downloads. This allows for an attacker in a privileged network position to intercept a lix package installation and redirect the download...

6.8CVSS2.8AI score0.01365EPSS
Exploits0Affected Software1
Prion
Prion
added 2014/06/02 3:55 p.m.13 views

Design/Logic Flaw

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download 1 packages and 2 signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors...

4.3CVSS6.9AI score0.01466EPSS
Exploits1References4Affected Software1
ThreatPost
ThreatPost
added 2013/10/30 5:36 p.m.12 views

Metasploit Modules Available for Seven Open Source Packages

Open source projects with anywhere between 100,000 and 1 million downloads are pretty sizable endeavors, and with the code open for scrutiny, you would think bugs would be found and some sort of disclosure process would be in place. If a spate of recently discovered issues in seven popular softwa...

0.2AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/05/24 12:0 a.m.27 views

Fedora 17 : python-virtualenv-1.9.1-1.fc17 (2013-8221)

Fixes two security issues with the bundled copy of pip : - Insecure tempdir usage CVE-2013-1888 - Uses http:// to download packages instead of https:// See changelog at: http://pypi.python.org/pypi/virtualenvid2 Multiple bugfixes. See http://pypi.python.org/pypi/virtualenv/1.7.1.2 for...

2.1CVSS5.6AI score0.00367EPSS
Exploits0References5
Rows per page
Query Builder