18 matches found
GHSA-4V58-8P28-2RQ3 awslabs/tough is Missing Delegated Metadata Validation
Summary: Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local...
OpenClaw has an unspecified vulnerability (CNVD-2026-16383)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to reuse previously approved requests and bypass enforcement of integrity controls...
Cisco IOS XE Software for Catalyst Rugged Series Switches Secure Boot Bypass (cisco-sa-xe-secureboot-bypass-B6uYxYSZ)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series...
A vulnerability in the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar functions of the Electron application development framework allows attackers to circumvent security restrictions and gain access to read and modify data.
The vulnerability of the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar functions in the Electron application development framework is related to improper checking of integrity values. Exploiting this vulnerability can allow attackers to bypass security restrictions and gain access to rea...
Fedora 40 : golang-x-crypto (2024-0d8d3b8dcc)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0d8d3b8dcc advisory. Automatic update for golang-x-crypto-0.18.0-1.fc40. Changelog Tue Jan 9 2024 Mark E. Fuller - 0.18.0-1 - update to v0.18.0, close rhbz2255095 - CVE-2023-4879...
ROS-20240425-04
A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages...
Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1548)
The remote host is missing an update for the Huawei EulerOS...
CVE-2024-30250 In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists
Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypass to the allow-lists for cross-origin resources by introducing valid integrity attributes to...
AlmaLinux 9 : buildah (ALSA-2024:1150)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1150 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks su...
AlmaLinux 8 : openssh (ALSA-2024:0606)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0606 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...
Privilege escalation
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges...
PT-2024-1557 · Lenovo · Lenovo Vantage
Name of the Vulnerable Software and Affected Versions: Lenovo Vantage (affected versions not specified). Description: The issue is related to errors in the certificate authentication procedure of the Lenovo Vantage Service utility for optimizing BIOS driver automatic update procedures. It allows a...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-paramiko (SUSE-SU-2024:0035-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0035-1 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other...
AZL-34673 CVE-2023-48795 affecting package erlang for versions less than 26.2.3-1
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
rclone -- Multiple vulnerabilities
Multiple vulnerabilities in ssh and golang. CVE-2023-45286: HTTP request body disclosure across requests in go-resty. CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...
Microsoft .NET Framework Device Guard Local Security Restriction Bypass Vulnerability
Microsoft .NET Framework is a comprehensive and consistent programming model developed by Microsoft Corporation (USA) and a development platform for building Windows, Windows Store, Windows Phone, Windows Server, and Microsoft Azure...
PT-2013-3307 · Mozilla +1 · Firefox Esr +4
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 21.0; Firefox ESR versions prior to 17.0.6; Thunderbird versions prior to 17.0.6; Thunderbird ESR versions prior to 17.0.6. Description: The issue allows local users to bypass integrity verification and gain...
Design/Logic Flaw
The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector (IV) as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected...