Lucene search
K

18 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-1732

Malware in sbrugna...

8.8CVSS8.8AI score0.00877EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-1733

Malware in sbrugna...

8.8CVSS8.8AI score0.0179EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-4868

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.00877EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-50237

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation fo...

5.9CVSS5.4AI score0.00183EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/07/28 11:37 p.m.4 views

SUSE CVE-2022-50237

The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...

5.9CVSS6.9AI score0.00183EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/09/09 4:0 a.m.6 views

SUSE CVE-2019-1000014

Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirro...

8.8CVSS7.6AI score0.0179EPSS
Exploits0References3
OSV
OSV
added 2022/05/13 1:7 a.m.9 views

GHSA-Q3CC-RR2C-87R6 Hex authenticity of signed packages not validated

Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...

8.8CVSS8.9AI score0.00877EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/13 1:7 a.m.25 views

Hex authenticity of signed packages not validated

Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...

8.8CVSS7.5AI score0.00877EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2019/02/04 9:29 p.m.9 views

CVE-2019-1000012

Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised...

8.8CVSS8.9AI score0.00877EPSS
Exploits0References2
NVD
NVD
added 2019/02/04 9:29 p.m.10 views

CVE-2019-1000014

Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirro...

8.8CVSS8.9AI score0.0179EPSS
Exploits0References1
NVD
NVD
added 2019/02/04 9:29 p.m.26 views

CVE-2019-1000013

Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...

8.8CVSS8.9AI score0.00877EPSS
Exploits0References2
OSV
OSV
added 2019/02/04 9:29 p.m.20 views

CVE-2019-1000013

Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...

8.8CVSS7.3AI score
Exploits0References2
Prion
Prion
added 2019/02/04 9:29 p.m.10 views

Design/Logic Flaw

Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised...

6.8CVSS8.8AI score0.00877EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/02/04 9:29 p.m.29 views

Design/Logic Flaw

Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...

6.8CVSS8.8AI score0.00877EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/02/04 9:0 p.m.26 views

CVE-2019-1000013

Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...

9AI score0.00877EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/02/04 9:0 p.m.22 views

CVE-2019-1000012

Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised...

8.9AI score0.00877EPSS
Exploits0References2
CVE
CVE
added 2019/02/04 9:0 p.m.48 views

CVE-2019-1000012

Hex package manager versions 0.14.0–0.18.2 contain a signing oracle vulnerability in the package registry verification, which can allow package modifications to go undetected and lead to code execution when victims fetch packages from a malicious/compromised mirror. The issue is tied to the regis...

8.8CVSS8.9AI score0.00877EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/02/04 9:0 p.m.53 views

CVE-2019-1000013

Hex Core (Hex package manager) versions 0.3.0 and earlier contain a Signing oracle vulnerability in the Package registry verification that can allow code execution. The issue arises when a victim fetches packages from a malicious or compromised mirror, potentially modifying packages without detec...

8.8CVSS8.9AI score0.00877EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder