21 matches found
DRUPAL-CONTRIB-2026-058
This module enables you to take payments through the Global Payments / Realex Hosted Payment Page HPP, either via a lightbox iframe or via a full-page redirect. When the gateway is configured with the redirect payment method, the module doesn't sufficiently verify the authenticity of the payment...
SUSE-SU-2026:2462-1 Security update for ldns
This update for ldns fixes the following issue - CVE-2026-10846: When ldns is used by applications for stub resolving, it does not sufficiently verify that received responses belong to a sent query bsc1267670...
OPENSUSE-SU-2026:21093-1 Security update for ldns
This update for ldns fixes the following issue - CVE-2026-10846: when ldns is used by applications for stub resolving, it does not sufficiently verify that received responses belong to a sent query bsc1267670...
EUVD-2026-25525
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix leak of rxgk context in rxgkverifyresponse Fix rxgkverifyresponse to clean up the rxgk context it creates...
JLSEC-2025-25 curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insu...
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...
EUVD-2012-3480
Malware in sbrugna...
EUVD-2025-30236
Malicious code in bioql PyPI...
EUVD-2024-1122
Malicious code in bioql PyPI...
CVE-2025-10457
The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching...
CVE-2025-10457 Bluetooth: Out-Of-Context le_conn_rsp Handling
The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching...
GHSA-36H8-R92J-W9VW The AspNetCore Remote Authenticator for SPID Allows SAML Response Signature Verification Bypass
Description Authentication using Spid and CIE is based on the SAML2 standard which provides for two entities: Identity Provider IdP: the system that authenticates users and provides identity information SAML assertions to the Service Provider, essentially, it is responsible for managing user...
The vulnerability of the scsidebug component in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the scsidebug component in the Linux operating system’s kernel is related to the assignment of the NULL pointer in the functions respverify and respreportzones. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-31206 Use of Unencrypted HTTP Request in dectalk-tts
dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In [email protected], network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victi...
OpenSSL 3.0.0 < 3.0.3 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.3 advisory. - The OPENSSLLHflush function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed has...
USN-4974-1 lasso vulnerability
It was discovered that Lasso did not properly verify that all assertions in a SAML response were properly signed. An attacker could possibly use this to impersonate users or otherwise bypass access controls...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : curl vulnerabilities (USN-4665-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4665-1 advisory. Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPTCONNECTONLY option. This could result in data being sen...
Ubuntu 14.04 LTS : Firefox regression (USN-2458-3)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2458-3 advisory. USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. Thi...
RHEL 5 / 6 : openssl (RHSA-2013:0587)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0587 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols, as well as a...
openssl: DoS due to improper handling of OCSP response verification
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service NULL pointer dereference and application crash via an invalid key...
Symantec Enterprise Firewall DNSD cache poisoning
During DNS request parsing neither DNS server authority nor relation between request and response is checked...