Lucene search
K

124 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/11 11:24 a.m.5 views

Malicious code in websocet-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx def6cdda3e16e392e575914ced25e522c3bcb3ca50d8228652a805cc7ee4ae51 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/11 11:24 a.m.4 views

Malicious code in websocket-clietn (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 81783882612ba7b6fae545c40b498a476222def4eab8e8b779ff41cefcb93e3d Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7AI score
Exploits0References1
OSV
OSV
added 2023/02/11 11:24 a.m.7 views

MAL-2023-2385 Malicious code in websocket-clieent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4feae31dcf666a30e8848da752d72614ca03bd3c60eedb2f69a4de43eb9f7560 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/11 11:24 a.m.4 views

Malicious code in websocke-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 5faa944bbc2b25316c377963c3a5db62a519e24c7eae9387a841b8cb137b36b5 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7AI score
Exploits0References1
OSV
OSV
added 2023/02/11 11:24 a.m.10 views

MAL-2023-2362 Malicious code in webbsocket-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 72a6a6ad23d9e1606f946a818154ebb20f3b649d47e7094f7854e0ee3b4016c2 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/11 11:21 a.m.5 views

Malicious code in weboscket-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 2cc6bfd099608112cc4fae288c5acdc5d9c5a18dbad3be61e20e1b35dcf98f50 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/11 11:21 a.m.4 views

Malicious code in websocket-cleint (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b95022cf171781e9a5b50900b78390fa8ba1d016e8c2e34ff9e7fbf2d900ceed Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/11 11:21 a.m.4 views

Malicious code in webscket-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 6c8716d958d7a19a4e59c03eac34c6d8338493b88fb15fd0440025fcbce59c34 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7AI score
Exploits0References1
OSV
OSV
added 2023/02/11 11:21 a.m.12 views

MAL-2023-2368 Malicious code in webscket-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 6c8716d958d7a19a4e59c03eac34c6d8338493b88fb15fd0440025fcbce59c34 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/11 11:21 a.m.4 views

Malicious code in websockt-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 69c7aefbf467766ec8bbb120d81bb6f61491564fa89b81d0d42be3c249bfae27 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7AI score
Exploits0References1
OSV
OSV
added 2023/02/11 11:21 a.m.7 views

MAL-2023-2392 Malicious code in websocket-clint (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx e2ed5b9c8a0271395a5e0407624dd18f8b28071aee5588b73ad595d0d126499a Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score
Exploits0References1
Kitploit
Kitploit
added 2022/09/09 12:30 p.m.65 views

Gohide - Tunnel Port To Port Traffic Over An Obfuscated Channel With AES-GCM Encryption

Tunnel port to port traffic via an obfuscated channel with AES-GCM encryption. Obfuscation Modes Session Cookie HTTP GET http-client Set-Cookie Session Cookie HTTP/2 200 OK http-server WebSocket Handshake "Sec-WebSocket-Key" websocket-client WebSocket Handshake "Sec-WebSocket-Accept"...

7.6AI score
Exploits0References1
CNNVD
CNNVD
added 2022/07/11 12:0 a.m.7 views

KubeEdge 资源管理错误漏洞

KubeEdge is KubeEdge open source a Kubernetes native edge computing framework. Built on Kubernetes and extends native containerized application orchestration and device management to edge hosts. A resource management error vulnerability exists in KubeEdge versions prior to 1.11.1, 1.10.2, and...

6.5CVSS6.4AI score0.00618EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:26 p.m.4 views

Malicious code in hb-websocket-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b7dec13e28e581a9f8949e7c49dcc4ff1e9957ae0b21e4d422b33d6ac2e8c724 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:26 p.m.7 views

MAL-2022-3572 Malicious code in hb-websocket-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b7dec13e28e581a9f8949e7c49dcc4ff1e9957ae0b21e4d422b33d6ac2e8c724 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/05/17 12:18 a.m.5 views

cn.yanyvpingsheng:bililive-sdk (=0.1.0), com.cesanta:cloud-service-stubs (>=0.0.1 <=0.0.3) +26 more potentially affected by CVE-2017-1000209 via com.neovisionaries:nv-websocket-client (>=1.16 <=1.4)

com.neovisionaries:nv-websocket-client MAVEN version =1.16, =0.0.1, =0.0.1, =1.2, =1.2, =1.3.2, =1.9.1.10.0, =0.4.2, =1.5.1.9.2, =0.4.0, =2.6.0, =1.2.0, =1.0.0, =7.2.0 and more Source cves: CVE-2017-1000209 Source advisory: OSV:GHSA-4HXV-95RC-JQG7...

5.9CVSS6.2AI score0.0066EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.41 views

SUSE: Security Advisory (SUSE-SU-2018:2699-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.7AI score0.21979EPSS
Exploits0References9
OSV
OSV
added 2020/07/31 5:40 p.m.13 views

GHSA-2V5C-755P-P4GV Missing TLS certificate verification in faye-websocket

The Faye::WebSocket::Client class uses the EM::Connectionstarttls1 method in EventMachine2 to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a...

8CVSS7.8AI score0.00914EPSS
Exploits1References14
Github Security Blog
Github Security Blog
added 2020/07/31 5:40 p.m.38 views

Missing TLS certificate verification in faye-websocket

The Faye::WebSocket::Client class uses the EM::Connectionstarttls1 method in EventMachine2 to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a...

8.7CVSS8.1AI score0.00914EPSS
Exploits1References14Affected Software1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.57 views

Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2019-1992)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.4AI score0.213EPSS
Exploits2References2
Rows per page
Query Builder