
22 matches found

AstraLinux
added 2026/05/03 11:59 p.m. · 1 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix __apply_microcode_amd()'s return value. When verify_sha256_digest() fails, __apply_microcode_amd() should propagate the failure by returning false and not -1 which is promoted to true...

5.5 CVSS · 6.4 AI score · 0.00083 EPSS
Exploits 0 · References 2
RedhatCVE
added 2026/02/21 1:28 a.m. · 1 views

CVE-2026-26275

httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in httpsig-hyper prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison if matches!digest, expecteddigest treate...

7.5 CVSS · 5.6 AI score · 0.0002 EPSS
Exploits 0 · References 1
NVD
added 2026/02/19 10:16 p.m. · 2 views

CVE-2026-26275

httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in httpsig-hyper prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison if matches!digest, expecteddigest treate...

7.5 CVSS · 0.0002 EPSS
Exploits 0 · References 5
Vulnrichment
added 2026/02/19 9:25 p.m. · 3 views

CVE-2026-26275 httpsig-hyper has Improper Digest Verification that May Allow Message Integrity Bypass

httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in httpsig-hyper prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison if matches!digest, expecteddigest treate...

7.5 CVSS · 5.7 AI score · 0.0002 EPSS
Exploits 0 · References 5
Cvelist
added 2026/02/19 9:25 p.m. · 21 views

CVE-2026-26275 httpsig-hyper has Improper Digest Verification that May Allow Message Integrity Bypass

httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in httpsig-hyper prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison if matches!digest, expecteddigest treate...

7.5 CVSS · 0.0002 EPSS
Exploits 0 · References 5
OSV
added 2026/02/19 9:25 p.m. · 0 views

CVE-2026-26275 httpsig-hyper has Improper Digest Verification that May Allow Message Integrity Bypass

httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in httpsig-hyper prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison if matches!digest, expecteddigest treate...

7.5 CVSS · 5.7 AI score · 0.0002 EPSS
Exploits 0 · References 7
CVE
added 2026/02/19 9:25 p.m. · 9 views

CVE-2026-26275

The CVE affects httpsig-hyper up to version 0.0.22, where Digest header verification could incorrectly succeed due to a misuse of Rust’s matches! macro, causing digest checks to pass even when the computed digest did not match the expected value. This could allow message body modifications to go ...

7.5 CVSS · 5.6 AI score · 0.0002 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2026/02/17 9:29 p.m. · 2 views

GHSA-7V42-G35V-XRCH Improper Digest Verification in httpsig-hyper May Allow Message Integrity Bypass

Impact An issue was discovered in httpsig-hyper where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison: rust if matches!digest, expecteddigest treated expecteddigest as a pattern binding rather than a value comparison,...

7.5 CVSS · 5.6 AI score · 0.0002 EPSS
Exploits 0 · References 7
Positive Technologies
added 2026/02/17 12:0 a.m. · 2 views

PT-2026-20344

Name of the Vulnerable Software and Affected Versions httpsig-hyper versions prior to 0.0.23 Description The httpsig-hyper library contains an issue where Digest header verification could incorrectly succeed due to an incorrect use of Rust’s matches! macro. The comparison if matches!digest,...

7.5 CVSS · 5.5 AI score · 0.0002 EPSS
Exploits 0 · References 8
EUVD
added 2026/01/13 2:58 p.m. · 2 views

EUVD-2026-1868

Cosign verification accepts any valid Rekor entry under certain conditions...

5.5 CVSS · 6.1 AI score · 0.00007 EPSS
Exploits 1 · References 4
AlpineLinux
added 2026/01/10 6:11 a.m. · 5 views

CVE-2026-22703

Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor...

5.5 CVSS · 7.1 AI score · 0.00007 EPSS
Exploits 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-24326

Malware in sbrugna...

7.5 CVSS · 7.5 AI score · 0.00316 EPSS
Exploits 1 · References 3
RedhatCVE
added 2025/05/22 8:7 p.m. · 5 views

CVE-2021-37847

crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification...

7.5 CVSS · 6.7 AI score · 0.00316 EPSS
Exploits 1 · References 1
RedHat Linux
added 2025/05/06 12:51 a.m. · 4 views

kernel: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()

An unchecked buffer bounds flaw was found in the Linux kernel's NVMe TCP Fabrics driver. An attacker with the ability to send a crafted packet to an affected NVMe host could exploit this flaw to alter kernel memory, leading to an escalation of privileges or a compromise of system integrity or...

7.8 CVSS · 7.2 AI score · 0.00023 EPSS
Exploits 0 · References 5
OSV
added 2025/04/16 3:15 p.m. · 1 views

UBUNTU-CVE-2025-22047

In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix __apply_microcode_amd()'s return value. When verify_sha256_digest() fails, __apply_microcode_amd() should propagate the failure by returning false and not -1 which is promoted to true...

5.5 CVSS · 6.2 AI score · 0.00083 EPSS
Exploits 0 · References 29
Positive Technologies
added 2024/08/05 12:0 a.m. · 1 views

PT-2024-39992 · Regclient · Regclient

Name of the Vulnerable Software and Affected Versions: regclient versions prior to 0.7.1 Description: A malicious registry could return a different digest for a pinned manifest without detection. This issue affects the regclient, a Docker and OCI Registry Client in Go. Recommendations: For versio...

5.8 CVSS · 6.8 AI score · 0.00152 EPSS
Exploits 0 · References 10
OSV
added 2024/07/10 11:55 a.m. · 9 views

SUSE-SU-2024:2383-1 Security update for skopeo

This update for skopeo fixes the following issues: - CVE-2024-3727: Added missing image digest verification (bsc#1224123)...

8.3 CVSS · 8.5 AI score · 0.00681 EPSS
Exploits 0 · References 3
OpenVAS
added 2024/07/10 12:0 a.m. · 17 views

SUSE: Security Advisory (SUSE-SU-2024:2383-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.3 CVSS · 6.6 AI score · 0.00681 EPSS
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 6:2 a.m. · 1 views

SUSE CVE-2009-3086

A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts...

5 CVSS · 6.7 AI score · 0.00556 EPSS
Exploits 1 · References 4
OSV
added 2021/08/02 8:15 p.m. · 9 views

CVE-2021-37847

crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification...

7.5 CVSS · 6.9 AI score
Exploits 0 · References 2