77 matches found
EUVD-2026-21597
phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()...
CVE-2026-40194 phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...
CVE-2026-40194
phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...
Advisory ROSA-SA-2026-3190
Software: libsndfile 1.0.28 OS: ROSA Virtualization 2.1 unaffected versions = libsndfile-1.0.28-16.0.2.rv3 affected versions libsndfile-1.0.28-16.0.2.rv3 CVE-ID: CVE-2017-14634 BDU-ID: 2021-03755 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the double64_init function of the libsndfile library is...
Advisory ROSA-SA-2026-3170
Software: libsndfile 1.0.28 OS: ROSA Virtualization 3.0 unaffected versions = libsndfile-1.0.28-16.0.2.rv30 affected versions libsndfile-1.0.28-16.0.2.rv30 CVE-ID: CVE-2017-14634 BDU-ID: 2021-03755 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the double64_init function of the libsndfile library ...
EUVD-2018-11442
Malware in sbrugna...
EUVD-2017-17320
Malware in sbrugna...
EUVD-2025-29549
Malicious code in bioql PyPI...
CVE-2025-56706
Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) vulnerability via the Object parameter in the openwrtgetConfig function...
CVE-2023-27654
An issue found in WHO v.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause an escalation of privileges via the TTMultiProvider component...
Design/Logic Flaw
An issue found in WHO v.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause an escalation of privileges via the TTMultiProvider component...
CVE-2023-27653
An issue found in WHO v.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service via the SharedPreference files...
Design/Logic Flaw
An issue found in WHO v.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service via the SharedPreference files...
PT-2023-21287 · Who · Who
Name of the Vulnerable Software and Affected Versions: WHO versions 1.0.28 through 1.0.32 Description: An issue allows an attacker to cause a denial of service via the SharedPreference files. Recommendations: For versions 1.0.28 through 1.0.32, consider restricting access to the SharedPreference...
WHO Security Vulnerability
WHO is an online video community application. A security vulnerability exists in WHO versions 1.0.28, 1.0.30, and 1.0.32, which originates from a vulnerability that could allow an attacker to elevate privileges via the TTMultiProvider component...
SUSE CVE-2017-7586
In libsndfile before 1.0.28, an error in the "header_read" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file...
SUSE CVE-2017-8362
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file...
SUSE CVE-2018-13419
An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue...
SUSE CVE-2018-19432
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service...
SUSE CVE-2018-19662
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service...