111 matches found
MAL-2025-57652 Malicious code in mulyono-bubur72-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5f2a2a831f719ca04aefb28369775e4e98fc979b625bfc05f3de3944c406656 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dewi-lepet59-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d9e316c9be55841b614c08a60e4d89b5a953055bc3ddd2c5546ec713d4d3acd The package dewi-lepet59-riris was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flooded...
Malicious code in candra-empal72-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bd139ca8e4ffff0a5d97377ece479139d3513afc0eeac5703c01342b6936815 The package candra-empal72-breki was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flood...
CVE-2019-1000012
Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised...
CVE-2019-1000014
Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirro...
CVE-2019-1000013
Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...
CVE-2019-1000013
Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...
CVE-2019-1000012
Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised...
CVE-2019-1000013
Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...
CVE-2019-1000012
Hex package manager versions 0.14.0–0.18.2 contain a signing oracle vulnerability in the package registry verification, which can allow package modifications to go undetected and lead to code execution when victims fetch packages from a malicious/compromised mirror. The issue is tied to the regis...
Fedora 20 : perl-Plack-1.0031-1.fc20 (2014-9542)
---------------------------------------------------------------------- ---------- ChangeLog : - Fri Aug 8 2014 Ralf Corsepius - 1.0031-1 - Upstream update. - Thu Jan 16 2014 Ralf Corsepius - 1.0030-3 - Move misplaced %exclude-line from base-package to -Test. - Wed Jan 15 2014 Ralf Corsepius -...