
60 matches found

OSV
added 2026/05/21 8:54 a.m. | 4 views

MAL-2026-4393 Malicious code in @hanssoft/libsignal-node (npm)

Source: amazon-inspector (063fa3a06df50a8c53c5eb05ac4d1214e6fa1edfb18d03c8484fa2014190659a). Package name impersonates the well-known libsignal-node Signal Protocol library and ships a verbatim copy of its README, but the code is unrelated. O...

AI score: 5.9
Exploits: 0 | References: 1
AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in libgcrypt20

The ElGamal implementation in Libgcrypt before version 1.9.4 allows plaintext recovery. This occurs because, during interaction between two cryptographic libraries, a dangerous combination of elements arises—specifically, the prime number defined by the receiver’s public key, the generator define...

CVSS: 5.9 | AI score: 6.5 | EPSS: 0.00097
Exploits: 1 | References: 2
OSV
added 2026/04/17 1:7 p.m. | 3 views

JLSEC-2026-124

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's...

CVSS: 5.9 | AI score: 7.2 | EPSS: 0.00097
Exploits: 1 | References: 10
CVE
added 2026/04/14 3:38 p.m. | 8 views

CVE-2026-22574

CVE-2026-22574 affects Fortinet FortiSOAR PaaS (versions 7.6.0–7.6.4, 7.5.0–7.5.2, 7.4 all, 7.3 all) and FortiSOAR on‑premise (7.6.0–7.6.4, 7.5.0–7.5.2, 7.4 all, 7.3 all). The issue is a vulnerability where passwords are stored in a recoverable format, potentially allowing an authenticated remote...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00046
Exploits: 0 | References: 1 | Affected Software: 1
IBM Security Bulletins
added 2026/03/27 12:56 a.m. | 4 views

Security Bulletin: IBM Storage Protect Operations Center is affected by a vulnerability in IBM WebSphere Application Server Liberty that could allow a security configuration attack (CVE-2025-12635).

Summary IBM Spectrum Protect Operations Center uses IBM WebSphere Application Server Liberty in certain components; a vulnerability in Liberty may allow a security configuration attack that could impact the security of the affected environment under specific conditions. Vulnerability Details...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00019
Exploits: 0 | Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-27704

Malicious code in bioql PyPI...

CVSS: 5.9 | AI score: 7.5 | EPSS: 0.00288
Exploits: 1 | References: 10
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2021-27705

Malicious code in bioql PyPI...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00257
Exploits: 1 | References: 9
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-25596

Malicious code in bioql PyPI...

CVSS: 4 | AI score: 4.7 | EPSS: 0.00072
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 13 views

EUVD-2024-19638

Malicious code in bioql PyPI...

CVSS: 5.5 | AI score: 6.3 | EPSS: 0.00021
Exploits: 0 | References: 1
Tenable Nessus
added 2025/05/14 12:0 a.m. | 6 views

Alibaba Cloud Linux 3 : 0129: libgcrypt (ALINUX3-SA-2022:0129)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0129 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-40528: The ElGamal implementation in...

CVSS: 5.9 | AI score: 6.6 | EPSS: 0.00097
Exploits: 1 | References: 2
RedhatCVE
added 2025/02/05 12:8 p.m. | 6 views

CVE-2024-52508

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like [email protected] that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would ...

CVSS: 8.2 | AI score: 6.7 | EPSS: 0.00297
Exploits: 0 | References: 1
CVE
added 2024/12/19 3:14 p.m. | 4237 views

CVE-2024-12798

CVE-2024-12798 corresponds to an ACE vulnerability in JaninoEventEvaluator via QOS.CH logback-core, affecting Java applications that rely on logback-core configurations. The connected IBM Security Bulletin pages enumerate the CVE under IBM API Connect context and explicitly list CVE-2024-12798 am...

CVSS: 5.9 | AI score: 7.1 | EPSS: 0.00164
Exploits: 0 | References: 2
Tenable Nessus
added 2023/12/27 12:0 a.m. | 23 views

NewStart CGSL MAIN 6.06 : libgcrypt Vulnerability (NS-SA-2023-0085)

The remote NewStart CGSL host, running version MAIN 6.06, has libgcrypt packages installed that are affected by a vulnerability: - The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous...

CVSS: 5.9 | AI score: 6.7 | EPSS: 0.00097
Exploits: 1 | References: 3
Vulnrichment
added 2023/06/15 12:0 a.m. | 8 views

CVE-2023-28810

Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.00479
Exploits: 0 | References: 1
Tenable Nessus
added 2023/01/30 12:0 a.m. | 18 views

EulerOS Virtualization 3.0.2.2 : libgcrypt (EulerOS-SA-2023-1266)

According to the versions of the libgcrypt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00425
Exploits: 1 | References: 3
IBM Security Bulletins
added 2023/01/12 9:59 p.m. | 25 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a cross-configuration attack against OpenPGP (CVE-2021-40528)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a cross-configuration attack against OpenPGP due to a flaw in GnuPG Libgcrypt. CVE-2021-40528. GnuPG Libgcrypt is used as part of the base image included in our service components. Please read the details for...

CVSS: 5.9 | AI score: 6.4 | EPSS: 0.00097
Exploits: 1 | Affected Software: 1
Tenable Nessus
added 2022/10/31 12:0 a.m. | 35 views

GLSA-202210-13 : libgcrypt: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202210-13 libgcrypt: Multiple Vulnerabilities - Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size i...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00425
Exploits: 1 | References: 6
Tenable Nessus
added 2022/07/08 12:0 a.m. | 99 views

Oracle Linux 8 : libgcrypt (ELSA-2022-9564)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9564 advisory. 1.8.5-7fips - Add API to provide hash calculation in RSA/DSA/ECDSA signature operations Orabug: 33081130 - Change Epoch from 1 to 10 1.8.5-7 - Fix CVE-2021-3356...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00425
Exploits: 1 | References: 2
Tenable Nessus
added 2022/07/01 12:0 a.m. | 123 views

Oracle Linux 8 : libgcrypt (ELSA-2022-5311)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-5311 advisory. 1.8.5-7 - Fix CVE-2021-33560 2018525 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus ha...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00425
Exploits: 1 | References: 2
CNNVD
added 2022/06/25 12:0 a.m. | 4 views

Espressif ESP-IDF buffer error vulnerability

Espressif ESP-IDF is an IoT development framework from China Lexin Information Technology Espressif. A memory corruption vulnerability exists in Espressif ESP-IDF, which stems from not checking the SegN field of the Transaction Start PDU, and can be exploited by an attacker during configuration to...

CVSS: 8.8 | AI score: 5.7 | EPSS: 0.00213
Exploits: 0 | References: 2