37 matches found
Astra Linux – Vulnerability in Firefox, Thunderbird
When installing an add-on, Firefox verifies the signature before prompting the user. However, while the user is confirming the prompt, the underlying add-on file could be modified without being detected by Firefox. This vulnerability affects Firefox versions earlier than 98, Firefox ESR versions...
Linux Distros Unpatched Vulnerability : CVE-2026-45022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that...
Security update for python-cryptography (important)
openSUSE security update: security update for python-cryptography ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20506-1 Rating: important References: bsc1258074 bsc1260876 Cross-References: CVE-2026-26007 CVE-2026-34073 CVSS scores: CVE-2026-26007...
Amazon Linux 2023 : mount-s3 (ALAS2023-2026-1510)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1510 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via...
TencentOS Server 4: edk2 (TSSA-2026:0116)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0116 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Security Bulletin: Multiple Vulnerabilities affect IBM Decision Optimization for Cloud Pak for Data.
Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.3 Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jw...
CVE-2026-1568
Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service ACS cloud endpoint that could allow an attacker to gain unauthorized access to InsightVM accounts setup via "Security Console" installations, resulting in full account takeover. The...
EulerOS Virtualization 2.10.1 : gnupg2 (EulerOS-SA-2026-1117)
According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that...
Security Bulletin: IBM Edge Data Collector uses jws-3.2.2.tgz which are vulnerable to CVE-2025-65945.
Summary IBM Edge Data Collector uses jws-3.2.2.tgz which are vulnerable to CVE-2025-65945. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In...
EUVD-2021-1273
Malware in sbrugna...
EUVD-2018-8005
Malware in sbrugna...
EUVD-2000-0961
Malware in sbrugna...
EUVD-2016-5407
Malware in sbrugna...
EUVD-2023-50382
Malicious code in bioql PyPI...
EUVD-2024-51398
Malicious code in bioql PyPI...
EUVD-2023-0264
Malicious code in bioql PyPI...
EUVD-2022-1576
Malicious code in bioql PyPI...
EulerOS 2.0 SP13 : gnupg2 (EulerOS-SA-2025-1975)
According to the versions of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect...
Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2025-1989)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-54419 Node-SAML Contains SAML Signature Verification Vulnerability
A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details with...