50 matches found
CVE-2026-6092
creationtimestamp| type| source ---|---|--- 2026-06-25 21:55:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp5galeomc27...
CVE-2026-6092 Encrypt-then-MAC could fall back to MAC-then-Encrypt when HAVE_ENCRYPT_THEN_MAC is configured
When HAVEENCRYPTTHENMAC is configured, the implementation could fall back to MAC-then-Encrypt rather than enforcing Encrypt-then-MAC...
CVE-2026-6092
CVE-2026-6092 describes a behavioural fallback issue when HAVE_ENCRYPT_THEN_MAC is configured: the implementation could fall back to MAC-then-Encrypt instead of Encrypt-then-MAC. The connected documents reiterate this description across multiple sources (NVD, ENISA EUVD, Debian security tracker, ...
CVE-2025-6092
A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site...
CVE-2025-6092
A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site...
CVE-2025-6092
CVE-2025-6092 affects comfynonymous comfyui up to version 0.3.39. The vulnerability resides in the /upload/image endpoint where manipulation of the image argument enables cross-site scripting (XSS). Exploitation is possible remotely and PoC activity is indicated in sources. No official fix versio...
CVE-2025-6092 comfyanonymous comfyui Incomplete Fix CVE-2024-10099 image cross site scripting
A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site...
Ubuntu: Security Advisory (USN-6191-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6092-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6092-1 advisory. Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy...
SUSE CVE-2018-6092
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE), cloud.altemista.fwk.message:cloud-altemistafwk-core-message-active-conf (>=3.0.0.RELEASE <=3.1.0.RELEASE) +706 more potentially affected by CVE-2012-6092 via org.apache.activemq:activemq-core (>=4.1.1 <=5.7.0)
org.apache.activemq:activemq-core MAVEN version =4.1.1, =3.0.0.RELEASE, =1.0, =1.0.0, =1.0.0, =0.4.2, =0.4.2, =0.4.2, =3.0.0.rc1, =3.0.0.rc1, =3.0.0.rc1, =3.0.0.rc1, =3.2.1 and more Source cves: CVE-2012-6092 Source advisory: OSV:GHSA-RP9P-863F-9C4H...
Mageia: Security Advisory (MGASA-2018-0268)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gonitro Nitro Pro Integer Overflow (CVE-2020-6092)
An integer overflow vulnerability exists in Gonitro Nitro Pro. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2020-6092
Nitro Pro 13.9.1.155 is affected by a code execution vulnerability tied to parsing of /Pattern objects in PDFs. The underlying issue is an integer overflow in the handling of the Pattern bounding box (/BBox), which can be triggered by crafted PDF patterns and may lead to arbitrary code execution....
Fedora 28 : chromium (2018-94e1bc8c23)
Update to 66.0.3359.181. Security fix for CVE-2018-6085 CVE-2018-6086 CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098 CVE-2018-6099 CVE-2018-6100 CVE-2018-6101 CVE-2018-6102...
CVE-2018-6092
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
CVE-2018-6092
The CVE-2018-6092 entry relates to an integer overflow in Chrome’s WebAssembly implementation on 32‑bit systems, allowing remote code execution inside the sandbox via a crafted HTML page. Affected software from the connected advisories includes Google Chrome/Chromium up to version 66.0.3359.117 (...
Google Chrome Integer Overflow Memory Corruption (CVE-2018-6092)
A memory corruption vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Security Bulletin: IBM Cúram Social Program Management when not configured with LDAP or SSO may be vulnerable to denial of service.(CVE-2014-6092).
Summary Default authentication methods in IBM Curam Social Program Management do not allow for a per user account lockout policy, and rather employ a single, system wide policy. For most users of the system, a low lockout threshold is desirable. However, for users used to integrate with another...
Security Bulletin: IBM Security Key Lifecycle Manager stores unencrypted password (CVE-2016-6092)
Summary IBM Security Key Lifecycle Manager has identified a vulnerability where a password is stored in clear text. This vulnerability can enable attackers to obtain unauthorized access to other integrated systems. IBM Security Key Lifecycle Manager has addressed this vulnerability with the...