[SECURITY] Fedora 43 Update: openbao-2.5.4-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

Phpseclib needs guardrails on large binaryfield integers

Impact Anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc Patches https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f Workarounds No. References...

PT-2026-37312

Name of the Vulnerable Software and Affected Versions phpseclib versions prior to 1.0.29 phpseclib versions prior to 2.0.54 phpseclib versions prior to 3.0.52 Description phpseclib is a PHP secure communications library. An issue exists where loading untrusted ASN1 files, such as X509 certificate...

OPENSUSE-SU-2026:20566-1 Security update for Botan

This update for Botan fixes the following issue: - CVE-2026-32884: Certificate validation bypass due to mixed-case Common Name in X.509 certificates bsc1261993...

[SECURITY] Fedora 42 Update: nss-3.121.0-1.fc42

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

GHSA-WVQX-V3F6-W8RH jsrsasign: DSA signatures or X.509 certificates can be forged via DSA domain-parameter validation in KJUR.crypto.DSA.setPublic

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

CVE-2026-4600

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

jsrsasign 安全漏洞

jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign prior to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from improper validation of DSA domain parameters in the src/dsa-2.0.js file, which could lead to the creation of forg...

CVE-2025-68721

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint page=sslcerts. This allows the...

Astra Linux - уязвимость в botan

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints...

SUSE-SU-2025:21193-1 Security update for go1.24

This update for go1.24 fixes the following issues: Update to go1.24.11. Security issues fixed: - CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames bsc1251257. - CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map bsc1251261. - CVE-2025-58185:...

[SECURITY] Fedora 43 Update: openbao-2.4.4-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef. The end goal of the attacks is to establish persistence and deliver JavaScript malware that facilitates remote acces...

[SECURITY] Fedora 43 Update: openbao-2.4.3-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

EUVD-2003-0715

Malware in sbrugna...

EUVD-2001-0338

Malware in sbrugna...

EUVD-2005-1142

Malware in sbrugna...

EUVD-2017-15400

Malware in sbrugna...

EUVD-2002-0691

Malware in sbrugna...

PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.

...