4 matches found
EUVD-2022-37807
Malicious code in bioql PyPI...
GnuPG through 2.3.6 in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g. use of GPGME) are met allows signature forgery via injection into the status line.
...
PT-2022-6745 · Gpgme +11 · Gpgme +11
Name of the Vulnerable Software and Affected Versions: GnuPG versions prior to 2.3.7 Description: The issue is related to insufficient neutralization of special elements in a request, allowing a remote attacker to access and compromise confidential data. In unusual situations where an attacker...
Hardcoded credentials
SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp which is a guest account...