19 matches found
Mbed TLS -- vulnerabilities
https://mbed-tls.readthedocs.io/en/latest/security-advisories/ reports: Client impersonation while resuming a TLS 1.3 session CVE-2026-34873 Entropy on Linux can fall back to /dev/urandom CVE-2026-34871 PSA random generator cloning CVE-2026-25835 Compiler-induced constant-time violations...
CVE-2026-33222
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could restore to other stream names, impacting data which should have been protected against them...
CVE-2025-43514
The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data...
EUVD-2016-4708
Malware in sbrugna...
EUVD-2024-18380
Malicious code in bioql PyPI...
CVE-2025-26637 Windows BitLocker Security Feature Bypass Vulnerability
...
The vulnerability of VMware NSX network virtualization platform, related to the lack of security measures for website structures, allows attackers to gain unauthorized access to protected information.
The vulnerability of VMware NSX network virtualization platform is related to the lack of security measures for the website structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by replacing the URL address...
The vulnerability of the gswipremove() function in Lantiq/Intel GSWIP kernel drivers for Linux operating systems allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the gswipremove function in the drivers/net/dsa/lantiqgswip.c file of the Lantiq/Intel GSWIP driver for the Linux operating system is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the...
PT-2022-2958 · Sonicwall · Sonicwall Sma1000
Name of the Vulnerable Software and Affected Versions: SonicWall SMA1000 series firmware versions 12.4.0, 12.4.1-02965 and earlier Description: The issue is related to the use of a shared and hard-coded encryption key to store data. This could allow an attacker to disclose protected information...
The vulnerability of the `ntfsattr_pread_i` function in the NTFS file system driver for the FUSE NTFS-3G module, related to writing beyond the buffer boundary, allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the ntfsattrpreadi function in the NTFS file system driver for the FUSE NTFS-3G module is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the Performance API component in the Google Chrome web browser allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Performance API component in the Google Chrome web browser is related to the lack of protection for the transmitted data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of Moxa EDR-G902 and EDR-G903 microcontroller-based software, related to buffer overflow in the stack, allows attackers to compromise the confidentiality, integrity, or accessibility of the protected information.
The vulnerability of the microprogramming software of Moxa EDR-G902 and EDR-G903 is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, or accessibility of the protected information...
The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to improper elimination of special elements used in SQL commands, allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment is related to the improper elimination of special elements used in SQL queries. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to...
The vulnerability of the Win32k component in Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Win32k component in Windows operating systems is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Django library for the Python programming language, which allows attackers to compromise the integrity of protected information
The vulnerability of the Django library for the Python programming language is related to insufficient elimination of special elements in the output data used by the lower-level component. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the iOS operating system, due to errors in processing NAS messages, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the iOS operating system arises due to buffer overflow. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the information protected during the processing of Downlink NAS messages in Qualcomm Telephony. Th...
CVE-2017-1326
IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060...
Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the iscsitarget-kmp-default-debuginfo package of the OpenSUSE operating system can lead to breaches of the confidentiality, integrity, and accessibility of protected information. Exploitation of these vulnerabilities can be carried out remotely...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The numerous vulnerabilities of the mono-mcs package in the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...