28 matches found

ATTACKERKB
added yesterday, 1 views

CVE-2026-45614

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...

CVSS 4.7, AI score 5.8
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2026/04/27 7:53 a.m., 24 views

CVE-2026-40048 Apache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...

EPSS 0.00027
Exploits: 0, References: 1
Snyk
added 2026/04/24 8:43 p.m., 3 views

Cross-site Scripting (XSS)

Overview: wlc is a command-line utility for Weblate, translation tool with tight version control integration. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the HTML output rendering paths in the output formatter. An attacker can inject arbitrary markup or...

CVSS 5.1, AI score 5.3, EPSS 0.00036
Exploits: 0, References: 2
CNNVD
added 2026/04/10 12:0 a.m., 2 views

Smallstep step-ca Input Validation Error Vulnerability

Smallstep step-ca is an online certificate authority for DevOps security and automated certificate management provided by the Smallstep company in the United States. Versions of Smallstep step-ca prior to 0.30.0-rc3 contained a vulnerability related to input validation errors. This vulnerability...

CVSS 3.7, AI score 5.8, EPSS 0.00052
Exploits: 0, References: 4
Veracode
added 2025/11/17 7:14 a.m., 3 views

Prototype Pollution

counterpart is vulnerable to Prototype Pollution. The vulnerability is due to insufficient sanitization of user-controlled translation keys, which allows an attacker to supply crafted keys containing prototype chain elements to inject arbitrary properties into the JavaScript Object prototype,...

CVSS 6.5, AI score 7.8, EPSS 0.0085
Exploits: 0, References: 3, Affected Software: 1
Snyk
added 2025/09/24 9:30 p.m., 1 views

Prototype Pollution

Overview: org.webjars.npm:messageformat is an Intl.MessageFormat / Unicode MessageFormat 2 parser, runtime and polyfill. Affected versions of this package are vulnerable to Prototype Pollution via improper handling of message key paths containing special characters in the process when processing...

CVSS 7.5, AI score 6.5, EPSS 0.00242
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-3737

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. (CVE-2018-3737) Note that Nessus relies on the presence of the package as reported by the...

CVSS 7.5, AI score 6.6, EPSS 0.00423
Exploits: 1, References: 2
F5 Networks
added 2023/02/21 6:15 p.m., 218 views

K15782: SQL injection vulnerability CVE-2014-3704

Security Advisory Description: The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. (CVE-2014-3704) Impact: None...

CVSS 7.5, AI score 7.2, EPSS 0.94366
Exploits: 20, Affected Software: 17
SUSE CVE
added 2023/02/15 6:4 a.m., 1 views

SUSE CVE-2009-1189

The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834...

CVSS 3.6, AI score 6.9, EPSS 0.01106
Exploits: 9, References: 5
SUSE CVE
added 2023/02/15 5:11 a.m., 2 views

SUSE CVE-2015-8539

The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c...

CVSS 7.8, AI score 8, EPSS 0.00077
Exploits: 0, References: 26
SUSE CVE
added 2023/02/15 5:4 a.m., 1 views

SUSE CVE-2016-3959

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client...

CVSS 7.5, AI score 8.4, EPSS 0.0247
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 3:45 a.m., 2 views

SUSE CVE-2021-23992

Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbi...

CVSS 6.5, AI score 8.8, EPSS 0.00087
Exploits: 0, References: 5
OSV
added 2022/09/16 11:4 a.m., 4 views

OESA-2022-1924 linux-sgx security update

Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification. Security Fixes: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...

CVSS 7.5, AI score 6.7, EPSS 0.06863
Exploits: 2, References: 2
OSV
added 2022/03/15 5:15 p.m., 1 views

DEBIAN-CVE-2022-0778

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...

CVSS 7.5, AI score 6.7, EPSS 0.06863
Exploits: 2, References: 1
PyPA
added 2022/01/05 12:15 a.m., 6 views

PYSEC-2022-2

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a...

CVSS 7.5, AI score 6.8, EPSS 0.00363
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2021/04/13 12:0 a.m., 0 views

UBUNTU-CVE-2021-23992

Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbi...

CVSS 4.3, AI score 6.1, EPSS 0.00087
Exploits: 0, References: 5
Tenable Nessus
added 2021/04/09 12:0 a.m., 66 views

Mozilla Thunderbird < 78.9.1

The version of Thunderbird installed on the remote Windows host is prior to 78.9.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-13 advisory. - When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt...

CVSS 7.8, AI score 7, EPSS 0.00204
Exploits: 1, References: 5
Kaspersky
added 2021/04/08 12:0 a.m., 38 views

KLA12135 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: 1. A security vulnerability can be exploited via a specially crafted version of a key to...

CVSS 7.8, AI score 7, EPSS 0.00204
Exploits: 1, References: 3
RedHat Linux
added 2020/07/13 4:46 p.m., 3 views

golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic

A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server...

CVSS 7.5, AI score 7.2, EPSS 0.18682
Exploits: 6, References: 5
RedHat Linux
added 2020/06/19 3:46 a.m., 1 views

nodejs-sshpk: ReDoS when parsing crafted invalid public keys in lib/formats/ssh.js

sshpk is vulnerable to ReDoS when parsing crafted invalid public keys...

CVSS 7.5, AI score 5.8, EPSS 0.00423
Exploits: 1, References: 4