28 matches found

NVD
added 2026/05/25 2:16 p.m., 9 views

CVE-2026-9058

Szafir SDK returns a success status code from the cryptographic digital signature verification process i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified" even when the trust status of the signer's certificate could not be established i.e...

CVSS 9.3, EPSS 0.00044
Exploits 0, References 2

CVE
added 2026/05/25 1:23 p.m., 47 views

CVE-2026-9058

The Szafir SDK is affected by an improper certificate verification issue where the verification process returns success (Result/@code == 0) even when the signer certificate trust status is nondetermined. This leads consuming applications to treat signatures as valid despite an unverified certific...

CVSS 9.3, AI score 5.9, EPSS 0.00044
Exploits 0, References 2

Circl
added 2026/05/25 7:55 a.m., 8 views

CVE-2026-9058

creationtimestamp | type | source
--- | --- | ---
2026-05-25 07:55:00+00:00 | seen | https://cert.pl/en/posts/2026/05/CVE-2026-9058...

CVSS 9.3, AI score 5.8, EPSS 0.00044
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-9058

Malware in sbrugna...

CVSS 7.8, AI score 6.9, EPSS 0.01006
Exploits 1, References 3

Circl
added 2025/09/09 8:55 a.m., 2 views

CVE-2025-9058

creationtimestamp | type | source
--- | --- | ---
2025-09-09 08:55:58+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lyfdwjn3lf2q...

CVSS 6.4, AI score 4.8, EPSS 0.00049
Exploits 0, References 1

OSV
added 2025/08/14 6:52 p.m., 1 view

MAL-2025-9058 Malicious code in @malware-test-wanly-dunno-nulls-jaups/test-mlw3-wanly-dunno-nulls-jaups (npm)

The package @malware-test-wanly-dunno-nulls-jaups/test-mlw3-wanly-dunno-nulls-jaups was found to contain malicious code...

AI score 7.2
Exploits 0

Vulnrichment
added 2024/12/03 6:50 a.m., 11 views

CVE-2024-9058 Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output...

CVSS 6.4, AI score 6, EPSS 0.00201
Exploits 0, References 2

Tenable Nessus
added 2023/01/30 12:0 a.m., 63 views

Rocky Linux 8 : prometheus-jmx-exporter (RLSA-2022:9058)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:9058 advisory. - SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can...

CVSS 9.8, AI score 7.9, EPSS 0.93849
Exploits 7, References 3

Tenable Nessus
added 2022/12/16 12:0 a.m., 36 views

AlmaLinux 8 : prometheus-jmx-exporter (ALSA-2022:9058)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:9058 advisory. - SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can le...

CVSS 9.8, AI score 7.9, EPSS 0.93849
Exploits 7, References 2

Tenable Nessus
added 2022/12/15 12:0 a.m., 33 views

Oracle Linux 8 : ELSA-2022-9058-1: / prometheus-jmx-exporter (ELSA-2022-90581)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-90581 advisory. 0.12.0-9 - Fix CVE-2022-1471 by using SafeConstructor. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

CVSS 9.8, AI score 7.4, EPSS 0.93849
Exploits 7, References 2

CVE
added 2022/01/07 4:30 a.m., 61 views

CVE-2020-9058

CVE-2020-9058 affects Z‑Wave devices based on Silicon Labs 500 series chipsets using CRC‑16 encapsulation and lacking encryption or replay protection. Concrete examples in the initial data include Linear LB60Z‑1 (v3.5), Dome DM501 (v4.26), and Jasco ZW4201 (v4.05). The root cause is absence of en...

CVSS 8.1, AI score 8.2, EPSS 0.00025
Exploits 1, References 5, Affected Software 1

Tenable Nessus
added 2021/02/16 12:0 a.m., 65 views

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9058)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-9058 advisory. - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant...

CVSS 7.8, AI score 6.8, EPSS 0.00185
Exploits 0, References 4

Tenable Nessus
added 2019/05/20 12:0 a.m., 35 views

Fedora 30 : 1:ytnef (2019-7d7083b8be)

ytnef 1.9.3 release, fixing a number of security issues : - CVE-2017-9470 - CVE-2017-9471 - CVE-2017-9474 - CVE-2017-9058 - CVE-2017-12142 - CVE-2017-12141 - CVE-2017-12144 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...

CVSS 9.8, AI score 6.6, EPSS 0.00797
Exploits 7, References 23

CVE
added 2019/03/26 4:40 p.m., 45 views

CVE-2019-9058

CMS Made Simple 2.2.8 has a vulnerability in the administrator page admin/changegroupperm.php where sending a crafted value in the sel_groups parameter enables authenticated object injection. The issue affects the affected component/functionality and is consistent with the CVSS metrics reported (...

CVSS 7.2, AI score 7.3, EPSS 0.01005
Exploits 0, References 2, Affected Software 1

Cvelist
added 2019/03/26 4:40 p.m., 14 views

CVE-2019-9058

An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the selgroups parameter that leads to authenticated object injection...

AI score 7.4, EPSS 0.01005
Exploits 0, References 2

OpenVAS
added 2018/10/26 12:0 a.m., 22 views

Ubuntu: Security Advisory (USN-3667-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 7.1, EPSS 0.00608
Exploits 3, References 2

Ubuntu
added 2018/05/31 7:40 p.m., 53 views

USN-3667-1: libytnef vulnerabilities

It was discovered that libytnef incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. CVE-2017-12141, CVE-2017-9146, CVE-2017-9471, CVE-2017-9473 It was discovered that libytnef incorrectly handled certain files. An attacker could possibly use this t...

CVSS 9.8, AI score 6.2, EPSS 0.00608
Exploits 3

OSV
added 2018/03/27 9:29 p.m., 22 views

CVE-2018-9058

In Long Range Zip aka lrzip 0.631, there is an infinite loop in the runzipfd function of runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file...

CVSS 5.5, AI score 6.8
Exploits 0, References 1

UbuntuCve
added 2018/03/27 9:29 p.m., 22 views

CVE-2018-9058

In Long Range Zip aka lrzip 0.631, there is an infinite loop in the runzipfd function of runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file...

CVSS 5.5, AI score 6.8, EPSS 0.00421
Exploits 1, References 4

Debian CVE
added 2018/03/27 9:0 p.m., 27 views

CVE-2018-9058

In Long Range Zip aka lrzip 0.631, there is an infinite loop in the runzipfd function of runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file...

CVSS 5.5, AI score 7, EPSS 0.00421
Exploits 1