MAL-2025-191618 Malicious code in aiohttp-ssl (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 212da09ca68167bc40e86f1c838fe5aeb5a6656da5ecbbdb5d17df01b2c262d8 Packages silently decrypt content hidden in a dependency and load them as Python extension modules. In the first wave, those are copies of legitimate aiohttp a...
CVE-2021-31597
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized when the property exists but is undefined is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected...
Input validation
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized when the property exists but is undefined is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected...
[SECURITY] Fedora 20 Update: python-backports-ssl_match_hostname-3.4.0.2-1.fc20
The Secure Sockets layer is only actually secure if you check the hostname in the certificate returned by the server to which you are connecting, and verify that it matches the hostname that you are trying to reach. But the matching logic, defined in RFC2818, can be a bit tricky to implement on...
Debian Security Advisory DSA 556-2 (netkit-telnet)
The remote host is missing an update to netkit-telnet announced via advisory DSA 556-2. OpenVAS Vulnerability Test $Id: deb5562.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 556-2 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
[SECURITY] [DSA 896-1] New ftpd-ssl packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 896-1 [email protected] http://www.debian.org/security/ Martin Schulze November 15th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 250-1] New w3mmee-ssl packages fix cookie information leak
-------------------------------------------------------------------------- Debian Security Advisory DSA 250-1 [email protected] http://www.debian.org/security/ Martin Schulze February 12th, 2003 http://www.debian.org/security/faq -...
[SECURITY] New version of curl fixes buffer overflow (update)
------------------------------------------------------------------------ Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman October 14, 2000 - ------------------------------------------------------------------------ Package : curl and curl-ssl Problem...