OPENSUSE-SU-2026:20875-1 Security update for ovmf

This update for ovmf fixes the following issues: - CVE-2026-25833: mbedtls: buffer overflow in the x509inetptonipv6 function bsc1261476. - CVE-2026-25834: mbedtls: client accepts signature algorithm chosen by server even if not advertised in client hello bsc1261477. - CVE-2026-25835: mbedtls: no...

CVE-2026-41351

OpenClaw prior to version 2026.3.31 is affected by a replay-detection bypass in webhook signature handling. The vulnerability occurs because Base64 and Base64URL encoded signatures are treated as distinct requests, allowing an attacker to re-encode Telnyx webhook signatures to bypass replay prote...

A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass

...

MiracleLinux 4 : rpm-4.8.0-19.0.1.AXS4 (AXSA:2012-45:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-45:01 advisory. The RPM Package Manager RPM is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating...

EUVD-2017-14175

Malware in sbrugna...

CVE-2019-0865

A denial of service vulnerability exists when SymCrypt improperly handles a specially crafted digital signature.An attacker could exploit the vulnerability by creating a specially crafted connection or message.The security update addresses the vulnerability by correcting the way SymCrypt handles...

CVE-2003-0724

ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signatures when digital certificates and RSA keys are used, which could allow local and remote attackers to gain privileges...

Alibaba Cloud Linux 3 : 0081: nss (ALINUX3-SA-2021:0081)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2021:0081 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-43527: NSS Network Security Services...

PT-2025-14572 · Yubico · Yubikey

Name of the Vulnerable Software and Affected Versions: Yubico YubiKey versions 5.4.1 through 5.7.3 Description: The issue is related to an incorrect implementation of the FIDO CTAP PIN/UV 2 authentication protocol. Specifically, it uses the signature length from the CTAP PIN/UV 1 protocol, even...

CVE-2023-51551

Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2023-51552 Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2023-51552 Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a...

PT-2023-7922 · Mozilla +9 · Thunderbird +9

Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 115.6 Description: The issue is related to errors in handling OpenPGP cryptographic signatures. Exploitation of this issue may allow a remote attacker to perform a spoofing attack. When processing a PGP/MIME...

PT-2023-7969 · Foxit · Foxit Pdf Reader +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Foxit PDF Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...

PT-2023-7968 · Foxit · Foxit Pdf Reader +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Foxit PDF Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...

SUSE CVE-2010-3762

ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service daemon crash via a DNS query...

SUSE CVE-2017-5066

Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page...

OESA-2022-1492 nss security update

Network Security Services. Security Fixes: NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \7, or PKCS \12 are...

USN-5111-1 strongswan vulnerabilities

It was discovered that strongSwan incorrectly handled certain RSASSA-PSS signatures. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. CVE-2021-41990 It was discovered that strongSwan incorrectly handled replacing certificates in the cache. A...

USN-4474-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user in to installing a malicious extension, spoof the URL bar, leak sensitive information...