77 matches found
CVE-2026-6966 Signature Threshold Bypass in awslabs/tough Delegated Roles
Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegated role...
EUVD-2017-1609
Malware in sbrugna...
EUVD-2005-0131
Malware in sbrugna...
EUVD-2012-2099
Malware in sbrugna...
EUVD-2017-3356
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-14267
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled. CVE-2019-14267 Note that Nessus...
CVE-2025-55383
Moss before v0.15 has a file upload vulnerability. The "upload" function configuration allows attackers to upload files of any extension to any location on the target server...
PT-2025-34230 · Moss · Moss
Name of the Vulnerable Software and Affected Versions: Moss versions prior to 0.15 Description: Moss before version 0.15 contains a file upload issue. The configuration of the upload function permits attackers to upload files with any extension to arbitrary locations on the target server...
Moss Security Vulnerability
Moss is a simple and lightweight content management system open-sourced by deep-project. A security vulnerability exists in Moss versions prior to 0.15, which stems from a misconfiguration of the file upload feature that could result in the upload of arbitrary files...
CVE-2002-20002
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand, which is not a strong random number generator, for cryptographic keys...
CVE-2024-56830
The CVE-2024-56830 issue affects the Net::EasyTCP Perl module (libnet-easytcp-perl) versions 0.15–0.26. The root cause is fallback to Perl’s insecure rand() when Crypt::Random isn’t available, risking weak randomness. Debian/OSV/NASL references confirm a fix: upgrade to Debian 11 bullseye package...
PT-2025-1323 · Unknown · Net::Easytcp
Name of the Vulnerable Software and Affected Versions: Net::EasyTCP versions prior to 0.15 Description: The issue concerns the use of Perl's built-in rand function, which is not a strong random number generator, for generating cryptographic keys. This weakness can potentially lead to predictable...
quiche security breach
quiche is a Cloudflare open source implementation of the IETF-designated QUIC transport protocol and HTTP/3. A security vulnerability exists in quiche versions v0.15.0 through 0.19.0, which stems from a QUIC path authentication requirement that the recipient of a PATH_CHALLENGE frame responds by...
pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory
Impact A client can send reliable-ordered packets 0, 2, 3, 4, 5 ... etc, and all the packets 2 and up will stay in the reliable-ordered queue until 1 arrives. A malicious client can exploit this to waste all available server memory by simply never sending the missing packet. Since the server...
DEBIAN-CVE-2021-32292
An issue was discovered in json-c from 20200420 post 0.14 unreleased code through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program jsonparse which is located in the function parseit...
AZL-28060 CVE-2021-32292 affecting package json-c for versions less than 0.15-2
An issue was discovered in json-c from 20200420 post 0.14 unreleased code through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program jsonparse which is located in the function parseit...
json-c Buffer Error Vulnerability
json-c is a C-based JSON parser. A buffer error vulnerability exists in json-c 0.15-20200726 and earlier versions, which stems from a buffer overflow vulnerability in the function parseit. An attacker can exploit this vulnerability to execute arbitrary code...
CVE-2021-32292
An issue was discovered in json-c from 20200420 post 0.14 unreleased code through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program jsonparse which is located in the function parseit...
Siemens EFI Boot Guard Input Validation Error Vulnerability
Siemens EFI Boot Guard is a simple UEFI boot loader from Siemens Germany. A code execution vulnerability exists in Siemens EFI Boot Guard versions prior to 0.15, which stems from insufficient input validation and cleanup, and can be exploited by an attacker to execute arbitrary code in privileged...
PT-2022-28275 · Tuf · Tuf
Name of the Vulnerable Software and Affected Versions: TUF versions 0.14.0 through 0.15.x Description: The issue concerns the verify root self signed function, which verifies self-signatures in new root metadata files. This function counted multiple signatures by any new root key towards the new...