9 matches found
Nextcloud user_oidc 授权问题漏洞
Nextcloud useroidc is an application developed by the German company Nextcloud. There were authorization issues in versions of Nextcloud useroidc between 0.3.0 and 3.1.0, as well as between 5.0.0 and 5.1.0, and between 6.0.0 and 6.4.0. This issue stemmed from a lack of User OIDC signature...
PT-2026-39697
Name of the Vulnerable Software and Affected Versions go-git versions prior to v5 Description go-git may parse malformed Git objects differently than upstream Git. When commit or tag objects contain ambiguous or malformed headers, the decoded representation in go-git may expose values that differ...
JLSEC-2026-258 Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when...
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...
openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation
A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the openssl dgst command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection...
CVE-2025-15469
A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the openssl dgst command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection...
Important: Red Hat Security Advisory: RHTAS 1.3.1 - Tech Preview Release of Model Transparency
The Tech Preview release of the RHTAS Model Transparency CLI image. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads...
Files or Directories Accessible to External Parties
Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the signing verification process, allowing an attacker to replace an existing signed update with another payload and bypass Sparkle’s EdDSA signing checks. Remediation Upgrade...
OESA-2021-1279 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: there was a null pointer dereference in llcpsockgetname in net/nfc/llcpsock.c and reproduced it in linux-5.13.0-rc2. An unprivileged user can trigger this bug and cause denial of service. Root Cause After creating an nfc socket,...
Gatekeeper Bug in MacOS Mojave Allows Malware to Execute
Researcher Filippo Cavallarin disclosed a bug in the macOS security feature Gatekeeper that allows malicious code execution on systems running the most recent version of Mojave 10.14.0. MacOS Gatekeeper is an Apple security feature that enforces code signing and verifies downloads and apps before...