111 matches found
MAL-2025-55968 Malicious code in effective_spoonbill_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f74924a4772ee9ebb15d7712f24113e3d2f9e0186996efab6f6dc154aa7ace05 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in candra-empal72-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bd139ca8e4ffff0a5d97377ece479139d3513afc0eeac5703c01342b6936815 The package candra-empal72-breki was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flood...
Malicious code in dewi-lepet59-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d9e316c9be55841b614c08a60e4d89b5a953055bc3ddd2c5546ec713d4d3acd The package dewi-lepet59-riris was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flooded...
CVE-2019-1000012
Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised...
CVE-2019-1000013
Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...
CVE-2019-1000014
Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirro...
CVE-2019-1000013
Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...
CVE-2019-1000013
Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...
CVE-2019-1000012
Hex package manager versions 0.14.0–0.18.2 contain a signing oracle vulnerability in the package registry verification, which can allow package modifications to go undetected and lead to code execution when victims fetch packages from a malicious/compromised mirror. The issue is tied to the regis...
CVE-2019-1000012
Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised...
Fedora 20 : perl-Plack-1.0031-1.fc20 (2014-9542)
---------------------------------------------------------------------- ---------- ChangeLog : - Fri Aug 8 2014 Ralf Corsepius - 1.0031-1 - Upstream update. - Thu Jan 16 2014 Ralf Corsepius - 1.0030-3 - Move misplaced %exclude-line from base-package to -Test. - Wed Jan 15 2014 Ralf Corsepius -...