22 matches found
EUVD-2019-1732
Malware in sbrugna...
EUVD-2022-4868
Malicious code in bioql PyPI...
CVE-2022-24132
phpshe V1.8 is affected by a denial of service DoS attack in the registry's verification code, which can paralyze the target service...
SUSE CVE-2019-1000014
Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirro...
GHSA-Q3CC-RR2C-87R6 Hex authenticity of signed packages not validated
Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...
CVE-2022-24132
phpshe V1.8 is affected by a denial of service DoS attack in the registry's verification code, which can paralyze the target service...
CVE-2022-24132
phpshe V1.8 is affected by a denial of service DoS attack in the registry's verification code, which can paralyze the target service...
CVE-2022-24132
phpshe V1.8 is affected by a denial of service DoS attack in the registry's verification code, which can paralyze the target service...
CVE-2022-24132
phpshe V1.8 is affected by a denial of service DoS attack in the registry's verification code, which can paralyze the target service...
CVE-2022-24132
CVE-2022-24132 affects phpshe V1.8. The vulnerability is a denial of service in the registry verification/authentication path caused by mishandling a large number of message requests, potentially paralyzing the target service. Exploitation details are not provided beyond the DoS effect in the reg...
Pirate matryoshka
The use of torrent trackers to spread malware is a well-known practice; cybercriminals disguise it as popular software, computer games, media files, and other sought-after content. We detected one such campaign early this year, when The Pirate Bay TPB tracker filled up with harmful files used to...
CVE-2019-1000014
Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirro...
CVE-2019-1000014
Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirro...
CVE-2019-1000013
Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...
CVE-2019-1000013
Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...
Design/Logic Flaw
Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...
Design/Logic Flaw
Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised...
CVE-2019-1000013
Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...
CVE-2019-1000014
Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirro...
CVE-2019-1000013
Hex Core (Hex package manager) versions 0.3.0 and earlier contain a Signing oracle vulnerability in the Package registry verification that can allow code execution. The issue arises when a victim fetches packages from a malicious or compromised mirror, potentially modifying packages without detec...