132 matches found
DEBIAN-CVE-2026-23991
go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON valid JSON but not well formed TUF metadata, the client will panic during parsing, causing a denial of...
CVE-2026-23992 go-tuf improperly validates the configured threshold for delegations
go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...
GHSA-846P-JG2W-W324 go-tuf affected by client DoS via malformed server response
Security Disclosure: Client DoS via malformed server response Summary If the TUF repository or any of its mirrors returns invalid TUF metadata JSON valid JSON but not well formed TUF metadata, the client will panic during parsing, causing a DoS. The panic happens before any signature is validated...
MiracleLinux 8 : rpm-4.14.3-14.el8 (AXSA:2021-2180:05)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2180:05 advisory. rpm: Signature checks bypass via corrupted rpm package CVE-2021-20271 Tenable has extracted the preceding description block directly from the MiracleLinux...
PT-2026-3903
Name of the Vulnerable Software and Affected Versions go-tuf versions 2.0.0 through 2.3.0 Description go-tuf, a Go implementation of The Update Framework TUF, is susceptible to a denial of service. When processing TUF metadata, versions prior to 2.3.1 may panic if invalid JSON is received from th...
CVE-2022-23334
The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE...
EUVD-2018-11773
Malware in sbrugna...
EUVD-2019-7568
Malware in sbrugna...
EUVD-2023-28003
Malicious code in bioql PyPI...
EUVD-2022-28414
Malicious code in bioql PyPI...
EUVD-2025-31754
Malicious code in bioql PyPI...
CVE-2025-56513
NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically executed,...
Linux Distros Unpatched Vulnerability : CVE-2017-16852
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itsel...
Mattermost Fails to Validate File Paths
Mattermost versions 10.9.x = 10.9.1, 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import functionality, bypassing plugin...
ROS-20250818-03
Vulnerability of phpseclib cryptographic protocol library is related to incorrect processing of RSA PKCS1 signature verification. of RSA PKCS1 signatures. Exploitation of the vulnerability could allow an attacker acting remotely, to compromise the target system. A vulnerability in the phpseclib...
Linux Distros Unpatched Vulnerability : CVE-2020-14365
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf...
UBUNTU-CVE-2024-38807
Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...
GO-2022-0989 Dendrite signature checks not applied to some retrieved missing events in github.com/matrix-org/dendrite
Dendrite signature checks not applied to some retrieved missing events in github.com/matrix-org/dendrite...
Exploit for Authentication Bypass by Spoofing in Apache Cloudstack
🇮🇱 BringThemHome NeverAgainIsNow 🇮🇱 We demand the...
Apache CloudStack 安全漏洞
Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. A security bypass vulnerability exists in Apache CloudStack that stem...