67 matches found
MAL-2025-27865 Malicious code in ns-sha3 (npm)
The package ns-sha3 was found to contain malicious code...
MAL-2025-22742 Malicious code in hs-sha3 (npm)
The package hs-sha3 was found to contain malicious code...
Weak Password Hashing
Manifest is vulnerable to Weak Password Hashing. The vulnerability is due to improper password hashing due to the use of SHA3 without a salt, making user passwords more susceptible to cracking if an attacker gains access to the database...
GHSA-H8H6-7752-G28C Manifest Uses a One-Way Hash without a Salt
Summary Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same...
Manifest Uses a One-Way Hash without a Salt
Summary Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same...
CVE-2025-27408
Manifest offers users a one-file micro back end. Prior to version 4.9.2, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt,...
CVE-2025-27408 Manifest Uses a One-Way Hash without a Salt
Manifest offers users a one-file micro back end. Prior to version 4.9.2, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt,...
SUSE-SU-2024:2298-1 Security update for openCryptoki
This update for openCryptoki fixes the following issues: openCryptoki was updated to version to 3.17.0 bsc1220266, bsc1219217 + openCryptoki 3.17 - tools: added function to list keys to p11sak - common: added support for OpenSSL 3.0 - common: added support for event notifications - ICA: added SW...
CVE-2024-24559 Vyper SHA3 code generation bug
Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha364. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand that is, it cannot be triggered from regular...
USN-6525-1 pysha3 vulnerability
Nicky Mouha discovered that pysha incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause pysha3 to crash, resulting in a denial of service, or possibly execute arbitrary code...
SUSE-SU-2023:3290-1 Security update for qatengine
This update for qatengine fixes the following issues: - CVE-2022-43507: Fixed a buffer overflow issue with SHA3. bsc1211296...
OESA-2023-1045 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound which allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. Remediation Upgrade sha3 to version 1.0.5 or higher. Reference...
AZL-11501 CVE-2022-37454 affecting package php for versions less than 8.1.12-1
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface...
Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats
An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup Decoder++ can be either installed by using pip or by pulling the source from this repository: Install using pip pip3 install decoder-plus-plus Overview This section provides...
Malicious Package in ns-sha3
Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...
Malicious Package in ks-sha3
Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...
Malicious Package in jw-sha3
Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...
GHSA-8G3R-968R-C644 Malicious Package in jw-sha3
Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...
GHSA-67MP-PCV9-VVQ6 Malicious Package in jr-sha3
Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...