1093 matches found
Improper Validation of Integrity Check Value
Overview sagemaker is an Open source library for training and deploying models on Amazon SageMaker. Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in the Triton inference handler. An attacker can execute arbitrary code with the SageMaker execution...
Astra Linux – Vulnerability in Ruby-Rack
A security vulnerability exists in versions of Rack 2.2.3 and Rack 2.1.4, where reliance on cookies without validation/integrity checks allows an attacker to forge a secure or host-only cookie prefix...
Astra Linux – Vulnerability in Heimdal
The fix for CVE-2022-3437 involved changing the memcmp function to run in constant time, as well as providing a workaround for a compiler bug by adding comparisons of the result of memcmp with the value “!= 0”. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and...
MAL-2026-4740 Malicious code in zod-to-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 370d1632254cb5b5dbd394992054b6c0e943a6fb758ab70f470c059ee734b9c0 The package is published as 'zod-to-js' but ships a copy of pino's source tree main entry pino.js, lib/proto.js, lib/levels.js, pino docs/README with...
Integrity Check Bypass
Striae is vulnerable to Integrity Check Bypass. The vulnerability is due to reliance on hash-only validation in the digital confirmation workflow, where attackers could modify both package contents and corresponding manifest hash fields, allowing tampered confirmation packages to pass integrity...
CVE-2026-8597
Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...
CVE-2026-8597 Missing integrity verification in Triton inference handler in Amazon SageMaker Python SDK
Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...
PT-2026-41118
Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 2.257.2 Amazon SageMaker Python SDK versions prior to 3.8.0 Description Missing integrity verification in the Triton inference handler allows a remote authenticated actor with S3 write access to th...
CVE-2026-33117
The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may...
CVE-2026-31719
A flaw was found in the krb5enc module of the Linux kernel's crypto subsystem. When performing asynchronous decryption, the krb5encdispatchdecrypt function incorrectly bypasses the integrity verification hash check. This issue occurs because the skcipher completion handler signals completion...
Download of Code Without Integrity Check
Overview Affected versions of this package are vulnerable to Download of Code Without Integrity Check via the verifyDownload function that does not perform integrity or authenticity verification of downloaded update. An attacker can execute arbitrary code by supplying a malicious executable that ...
CVE-2026-42248 Missing Signature Verification for Updates in Ollama
Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before stagin...
CVE-2026-41244
Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator !== to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy CWE-208,...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013676)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013676 advisory. In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Handle race between rbmovetail and rbcheckpages It seems a data race between...
EUVD-2026-24031
OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction DoS...
CVE-2026-39396 OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...
PT-2026-33882
Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.5.3 Description The OCI plugin downloader contains an issue in the ExtractPluginFromImage function where plugin binaries are extracted from container images by streaming decompressed tar data via io.Copy without a...
Siemens SCALANCE Improper Validation of Integrity Check Value(CVE-2020-26141)
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check authenticity of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the...
CVE-2026-40066
CVE-2026-40066 affects Anviz CX2 Lite and CX7 due to unverified update packages that can be uploaded. The device may unpack and execute a script, resulting in unauthenticated remote code execution. Root cause appears to be lack of integrity verification for update packages before execution. Impac...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Validation of Integrity Check Value in go-git [CVE-2026-25934]
Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Validation of Integrity Check Value in go-git, due to an issue where data integrity values for .pack and .idx files were not properly verified CVE-2026-25934. GO-git is used as a component of our ibm-watson-speech-catalog...