7 matches found
Malicious code in anthropic-toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90ec82c6478e3a82eac71597b1c1fffc17d1b138e11e1a2aeadec7c00344c65e [email protected] is a typosquat against the @anthropic-ai/sdk ecosystem. The package ships no library code — its declared main dist/index.js i...
USN-7839-2: Google Guest Agent vulnerability
USN-7839-1 fixed vulnerabilities in Go Cryptography. This update provides the corresponding update in the Go Cryptography module included in Google Guest Agent. Original advisory details: Damien Tournoud, Patrick Dawkins, Vince Parker, and Jules Duvivier discovered that Go Cryptography incorrectl...
EUVD-2007-0399
Malware in sbrugna...
USN-5526-2: PyJWT regression
USN-5526-1 fixed vulnerabilities in PyJWT. Unfortunately this caused a regression by incrementing the internal package version number on Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Aapo Oksman discovered that PyJWT incorrectly...
USN-5526-1: PyJWT vulnerability
Aapo Oksman discovered that PyJWT incorrectly handled signatures constructed from SSH public keys. A remote attacker could use this to forge a JWT signature...
CVE-2018-3737
sshpk is vulnerable to ReDoS when parsing crafted invalid public keys...
CVE-2007-0397
The Cisco Security Monitoring, Analysis and Response System CS-MARS before 4.2.3 and Adaptive Security Device Manager ASDM before 5.22.54 do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitiv...