124 matches found
EUVD-2023-3057
Malicious code in bioql PyPI...
EUVD-2022-47363
Malicious code in bioql PyPI...
Microsoft Windows - Storage QoS Filter Driver Checker
Titles: Microsoft Windows - Storage QoS Filter Driver Checker Author: nu11secur1ty Date: 08/04/2025 Vendor: Microsoft Software: https://www.microsoft.com/en-us/software-download/windows11 Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49730 Description: This PowerShell...
CVE-2022-39237
sylabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1 the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...
CVE-2019-12162
Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe...
RVTools Official Site Hacked to Deliver Bumblebee Malware via Trojanized Installer
The official site for RVTools has been hacked to serve a compromised installer for the popular VMware environment reporting utility. "Robware.net and RVTools.com are currently offline. We are working expeditiously to restore service and appreciate your patience," the company said in a statement...
CVE-2022-25652
Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking...
PT-2025-47801
Name of the Vulnerable Software and Affected Versions: GnuTLS versions 15.0 and -current GnuTLS versions prior to Fedora 43 Description: A stack overflow issue exists in GnuTLS. The issue is related to a flaw that could potentially allow for malicious exploitation. Recommendations: Update GnuTLS to...
PT-2024-34329 · Litespeed · Litespeed Cache
Name of the Vulnerable Software and Affected Versions: LiteSpeed Cache versions through 6.5.1 Description: The issue is related to an Incorrect Privilege Assignment vulnerability in LiteSpeed Cache, allowing Privilege Escalation. This vulnerability enables an attacker to gain administrative...
Improper Verification Of Cryptographic Signature
elliptic is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to improper handling of the truncateToN function, which fails to correctly verify signatures when the hash contains at least four leading zero bytes and the elliptic curve's base point order is...
OSEC-2023-01 Time of check time of use issue in opam's cache
Bug description: Since version 2.0.0, opam has used a download cache: if a source artifact is needed, its hash is first looked up in the local cache /.opam/download-cache//. Opam supports multiple hash algorithms, and a cache lookup tries all hash algorithms present in the opam file. Before opam 2.1.5, the...
Apptainer: Lack of Digital Signature Hash Verification
Background: Apptainer is the container system for secure high-performance computing. Description: The Go module "sif" version 2.8.0 and older, which is a statically linked dependency of Apptainer, does not verify that the hash algorithms used are cryptographically secure when verifying digital...
GLSA-202210-19 : Apptainer: Lack of Digital Signature Hash Verification
The remote host is affected by the vulnerability described in GLSA-202210-19 Apptainer: Lack of Digital Signature Hash Verification - sylabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1 the github.com/sylabs/sif/v2/pkg/integrity package did not veri...
UBUNTU-CVE-2022-39237
sylabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1 the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...
[SECURITY] Fedora 36 Update: terrier-0.0.2-6.fc36
Terrier is an Image and Container analysis tool that can be used to scan Images and Containers to identify and verify the presence of specific files according to their hashes...
The vulnerability of microprogramming software in embedded Qualcomm Android operating systems, related to data type conversion errors, allows attackers to escalate their privileges.
The vulnerability of microprogramming software in embedded Qualcomm Android operating systems is related to errors in data type conversion during the verification of file hash segments. Exploiting this vulnerability can allow attackers to enhance their privileges using a specially created malicio...
PT-2022-2077 · Qualcomm · Snapdragon
Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions affected versions not specified Description: The issue is related to errors in data type conversion during the verification of a file's hash segment, potentially allowing an attacker to elevate their privileges...