52984 matches found
[SECURITY] Fedora 43 Update: opencryptoki-3.26.0-3.fc43
Opencryptoki implements the PKCS11 specification v3.0 and partially v3.1 for a set of cryptographic hardware, such as IBM 4767, 4768, 4769 and 4770 crypto cards, and the Trusted Platform Module TPM chip. Opencryptoki also brings a software token implementation that can be used without any cryptog...
[SECURITY] Fedora 44 Update: opencryptoki-3.26.0-3.fc44
Opencryptoki implements the PKCS11 specification v3.0 and partially v3.1 for a set of cryptographic hardware, such as IBM 4767, 4768, 4769 and 4770 crypto cards, and the Trusted Platform Module TPM chip. Opencryptoki also brings a software token implementation that can be used without any cryptog...
PT-2026-42440
Honeywell Control Network Module CNM contains command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Remote Code Execution RCE...
tickets 跨站脚本漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of cleanup in the deletemodule.php file, allowing multiple POST paramete...
Honeywell Control Network Module 安全漏洞
The Honeywell Control Network Module is a network communication control module developed by the American company Honeywell, aimed at industrial automation and process control systems. The Honeywell Control Network Module has a security vulnerability that stems from the insertion of sensitive...
Concrete CMS 跨站请求伪造漏洞
Concrete CMS is an open-source content management system developed by Concrete CMS. Versions prior to Concrete CMS 9.5.0 had a cross-site request forgeing vulnerability, which was exploited through the concrete/controllers/dialog/express/association/reorder module...
PT-2026-42441
Honeywell Control Network Module CNM contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially resulting in unintended access to protected data...
Honeywell Control Network Module 安全漏洞
The Honeywell Control Network Module is a network communication control module developed by the American company Honeywell, aimed at industrial automation and process control systems. The Honeywell Control Network Module has a security vulnerability, which stems from command injection in the web...
kernel: proc: fix UAF in proc_get_inode()
In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde-procops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...
CVE-2026-47372
CVE-2026-47372 affects Crypt::SaltedHash for Perl up to version 0.09, where salts are generated using the built-in rand function. This produces insecure, predictable randomness, compromising cryptographic strength. Multiple sources (SUSE, ENISA EUVD, NVD, Debian tracker, CVE lists) describe the s...
CVE-2026-42946
A flaw was found in the ngxhttpscgimodule and ngxhttpuwsgimodule modules of NGINX. When scgipass or uwsgipass is configured, an unauthenticated attacker able to intercept and modify network traffic via a Man-In-The-Middle MITM attack and control the responses from an upstream server may be able t...
CVE-2026-47373
Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...
Malicious code in vlifegram (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8771013473b84f29159a80ec15ce3e9897bc69908ddfa2438845811dd276d87c VLifeGram is published under its own name on PyPI but installs into the pyrogram/ namespace and ships a Pyrogram fork at version 2.1.2.4. It adds an...
CVE-2026-29518
Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...
ALPINE-CVE-2026-29518
Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...
CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write
Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...
CVE-2026-29518
Rsync
EUVD-2026-31100
Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...
kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel
A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...
Security update for distribution
This update for distribution rebuilds it against the current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: openSUSE Leap 15...