74 matches found
Security update for python-pyOpenSSL
This update for python-pyOpenSSL fixes the following issue CVE-2026-40475: improper input handling of null bytes can lead to silent data truncation and security-state inconsistency bsc1262803. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for python3-pyOpenSSL
This update for python3-pyOpenSSL fixes the following issue CVE-2026-40475: improper input handling of null bytes can lead to silent data truncation and security-state inconsistency bsc1262803. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
JLSEC-2026-258 Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when...
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...
CVE-2026-35374
The CVE concerns the split utility of uutils coreutils, where a TOCTOU race exists between a path-based check and subsequent opening with truncation. An attacker with directory write access can swap path components (e.g., via a symlink) during the race, causing split to truncate and write to an u...
uutils coreutils 安全漏洞
uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a security vulnerability in uutils coreutils. This vulnerability stems from the dd utility suppressing errors during file truncation operations by unconditionally calling Result::ok. Although...
Security Bulletin: Improper Unicode Handling in validator isLength() Leads to Input Length Bypass (Pre-13.15.22) affects watsonx.data
Summary Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from race conditions during the release of swap entries, potentially leading to data truncation...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : OpenSSL vulnerabilities (USN-7980-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7980-1 advisory. Stanislav Fort, Petr imeek, and Hamza discovered that OpenSSL incorrectly validated PBMAC1 parameters when doing PKCS12 MAC...
USN-7980-1 openssl vulnerabilities
Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL incorrectly validated PBMAC1 parameters when doing PKCS12 MAC verification. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-11187...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the openssl dgst command-line tool, which silently truncates input data to 16MB when using one-shot signing algorithms. Signatures for payloads larger than 16MB may appear to be valid...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002740)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002740 advisory. In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated...
Incomplete Filtering
validator is vulnerable to Incomplete Filtering.The vulnerability is due to improper handling of Unicode variation selectors \uFE0F, \uFE0E, where these characters are not counted toward string length, allowing attackers to submit inputs far longer than intended and potentially causing data...
Exploit for CVE-2025-12758
CVE-2025-12758: Validator.js isLength Unicode Variation Sele...
GHSA-VGHF-HV5Q-VC2G Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string length...
CVE-2025-12758
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string length...
CVE-2025-12758
CVE-2025-12758—Validator.js isLength() Unicode variation selector bypass . Multiple IBM advisories reference affected product lines (e.g., IBM App Connect Enterprise, QRadar) where validator versions earlier than 13.15.22 are vulnerable due to incomplete filtering of Unicode variation selectors i...
PT-2025-48236
Name of the Vulnerable Software and Affected Versions validator versions prior to 13.15.22 Description The package validator, in versions prior to 13.15.22, contains an issue related to incomplete filtering of special elements within the isLength function. Specifically, the function does not...
EUVD-2018-3329
Malware in sbrugna...
EUVD-2019-2334
Malware in sbrugna...
EUVD-2020-0596
Malware in sbrugna...