22 matches found
EUVD-2019-1732
Malware in sbrugna...
EUVD-2022-4868
Malicious code in bioql PyPI...
CVE-2022-24132
phpshe V1.8 is affected by a denial of service DoS attack in the registry's verification code, which can paralyze the target service...
SUSE CVE-2019-1000014
Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirro...
GHSA-Q3CC-RR2C-87R6 Hex authenticity of signed packages not validated
Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...
CVE-2022-24132
phpshe V1.8 is affected by a denial of service DoS attack in the registry's verification code, which can paralyze the target service...
CVE-2022-24132
phpshe V1.8 is affected by a denial of service DoS attack in the registry's verification code, which can paralyze the target service...
CVE-2022-24132
phpshe V1.8 is affected by a denial of service DoS attack in the registry's verification code, which can paralyze the target service...
CVE-2022-24132
CVE-2022-24132 affects phpshe V1.8. The vulnerability is a denial of service in the registry verification/authentication path caused by mishandling a large number of message requests, potentially paralyzing the target service. Exploitation details are not provided beyond the DoS effect in the reg...
CVE-2022-24132
phpshe V1.8 is affected by a denial of service DoS attack in the registry's verification code, which can paralyze the target service...
Pirate matryoshka
The use of torrent trackers to spread malware is a well-known practice; cybercriminals disguise it as popular software, computer games, media files, and other sought-after content. We detected one such campaign early this year, when The Pirate Bay TPB tracker filled up with harmful files used to...
CVE-2019-1000013
Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...
CVE-2019-1000013
Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...
CVE-2019-1000014
Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirro...
CVE-2019-1000014
Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirro...
Design/Logic Flaw
Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised...
Design/Logic Flaw
Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...
CVE-2019-1000013
Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...
CVE-2019-1000014
Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirro...
CVE-2019-1000012
Hex package manager versions 0.14.0–0.18.2 contain a signing oracle vulnerability in the package registry verification, which can allow package modifications to go undetected and lead to code execution when victims fetch packages from a malicious/compromised mirror. The issue is tied to the regis...