MAL-2025-143020 Malicious code in gravity-centauri-helios-antares (npm)
Source: amazon-inspector fdfd1d46cfb1e79a472555538c03f5c65bfa51c324508eef833111f42ef5c741. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vera-mangut39-sukiwir (npm)
Source: amazon-inspector 6b319d8f6aa2e44ef090bafa964306e1126a697173b206ca6a69593537799a3a. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2024-55563
Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be changed because a flood of transaction traffic prevents propagation of certain Lightning channel...
Linux Distros Unpatched Vulnerability : CVE-2023-48795
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks...
Linux Distros Unpatched Vulnerability : CVE-2021-3618
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, suc...
Oracle Database Server (January 2025 CPU)
The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2025 CPU advisory. - jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function config. This vulnerability allows attackers to...
Bitcoin Core Security Vulnerability
Bitcoin Core is a Bitcoin open source client for verifying the validity of blockchain transactions. A security vulnerability exists in Bitcoin Core 27.2 and earlier versions that stems from allowing transaction relay blocking via an offline protocol attack...
CVE-2024-42397
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point...
Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 5 : openssl097a (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) - The Diffie-Hellman key-exchange...
USN-6379-1: vsftpd vulnerability
It was discovered that vsftpd was vulnerable to the ALPACA TLS protocol content confusion attack. A remote attacker could possibly use this issue to redirect traffic from one subdomain to another...
SUSE CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
Security Analysis of Threema
A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against...
Reuse of signature to get KYCd after it has been removed
Lines of code. Vulnerability details. Impact: There is no time limit on the validity of KYC digests, and users with a removed KYC are not saved. If an issuer of such a digest is either compromised, or if they by mistake issue a digest with a deadline far into the future, a user could reuse the same...
SUSE SLES15 Security Update : nginx (SUSE-SU-2022:4265-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4265-1 advisory. - ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using...
SUSE SLES15 Security Update : vsftpd (SUSE-SU-2022:3458-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3458-1 advisory. - ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using...
QA Report
Prevent possible future storage collisions The target action contracts of MIMOProxy.sol use storage slot 0 for immutable addresses, which doesn't currently pose an issue; however, if in future additional contracts are added which allow this slot in storage to be modified then it could open the...
ALPACA is an application layer protocol content confusion attack exploiting TLS servers implementing different protocols but using compatible certificates such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
...
AZL-9220 CVE-2021-3618 affecting package sendmail 8.15.2-46
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...