203 matches found
CVE-2026-50573
A flaw was found in pnpm, a package manager. This vulnerability allows a remote attacker to bypass package integrity checks during the pnpm install process when operating in non-frozen mode. If a malicious package registry serves altered content for a locked package, pnpm may accept this new...
pnpm Has an Integrity Check Bypass via Missing Lockfile Integrity Field
Summary pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL to serve altered package content, pnpm install...
SUSE CVE-2026-34182
Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...
openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages
A flaw was found in OpenSSL's Cryptographic Message Services CMS AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity...
openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages
A flaw was found in OpenSSL's Cryptographic Message Services CMS AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenSSL vulnerabilities (USN-8414-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8414-1 advisory. Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An attacker could possibly use...
EUVD-2026-35478
Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...
ALPINE-CVE-2026-34182
Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...
CVE-2026-34182
Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...
USN-8414-1: OpenSSL vulnerabilities
Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or obtain sensitive information. CVE-2026-34180 Pavol Zacik and Alex Gaynor discovered that OpenSSL...
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages
Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...
CVE-2026-34182
CVE-2026-34182 describes a vulnerability in CMS AuthEnvelopedData processing in OpenSSL where insufficient input validation on cipher and tag length can allow forged or manipulated messages. Attack scenarios include selecting non-AEAD ciphers (e.g., AES-256-OFB) that bypasses integrity checks and...
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages
Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...
CVE-2026-34182
Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...
PT-2026-47831
Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers. This allows attackers to achiev...
Security feature bypass vulnerability in Azure Key Vault Keys library for Java
The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may...
Ubuntu 22.04 LTS / 24.04 LTS : Slurm vulnerabilities (USN-8236-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8236-1 advisory. It was discovered that Slurm did not correctly handle certain file system operations. An attacker could possibly use this issue to modify fil...
USN-8236-1 slurm-wlm vulnerabilities
It was discovered that Slurm did not correctly handle certain file system operations. An attacker could possibly use this issue to modify files or leak sensitive information. This issue only affected Ubuntu 22.04 LTS. CVE-2023-41914 Ryan Hall discovered that Slurm did not correctly enforce certai...
USN-8236-1: Slurm vulnerabilities
It was discovered that Slurm did not correctly handle certain file system operations. An attacker could possibly use this issue to modify files or leak sensitive information. This issue only affected Ubuntu 22.04 LTS. CVE-2023-41914 Ryan Hall discovered that Slurm did not correctly enforce certai...
CVE-2026-32148 Lockfile checksums not verified in Hex allows dependency integrity bypass
Insufficient Verification of Data Authenticity vulnerability in hexpm hex Hex.RemoteConverger module allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for dependencies in the mix.lock file to ensure reproducible and integrity-checked builds. However,...