
15 matches found

RedhatCVE
added yesterday · 2 views

CVE-2026-6967

Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...

CVSS 7.1 · AI score 5.5 · EPSS 0.00024
Exploits: 0 · References: 1

Github Security Blog
added 2026/05/05 6:46 p.m. · 1 view

awslabs/tough is Missing Delegated Metadata Validation

Summary: Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local...

CVSS 7.1 · AI score 5.9 · EPSS 0.00024
Exploits: 0 · References: 8 · Affected Software: 2

Debian CVE
added 2026/05/01 1:56 p.m. · 5 views

CVE-2026-31719

In the Linux kernel, the following vulnerability has been resolved: crypto: krb5enc - fix async decrypt skipping hash verification. krb5enc_dispatch_decrypt sets req->base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher completes asynchronously, this...

CVSS 7.5 · AI score 5.6 · EPSS 0.00039
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-31754

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.6 · EPSS 0.00517
Exploits: 2 · References: 3

NVD
added 2025/09/30 6:15 p.m. · 2 views

CVE-2025-56513

NiceHash QuickMiner 6.12.0 performs software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update URL can hijack the update process and deliver arbitrary executables that are automatically executed,...

CVSS 9.8 · EPSS 0.00517
Exploits: 2 · References: 2

OSV
added 2024/12/27 5:15 a.m. · 1 view

UBUNTU-CVE-2024-56522

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...

CVSS 7.5 · AI score 5.8 · EPSS 0.00155
Exploits: 0 · References: 6

Tenable Nessus
added 2024/02/03 12:0 a.m. · 43 views

SUSE SLES12 Security Update : slurm (SUSE-SU-2024:0315-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0315-1 advisory. - An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During...

CVSS 9.8 · AI score 8.1 · EPSS 0.00402
Exploits: 0 · References: 13

Tenable Nessus
added 2024/02/01 12:0 a.m. · 40 views

SUSE SLES15 Security Update : slurm (SUSE-SU-2024:0287-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0287-1 advisory. - An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmissio...

CVSS 9.8 · AI score 8.1 · EPSS 0.00402
Exploits: 0 · References: 14

Veracode
added 2023/12/19 6:17 a.m. · 17 views

Improper Input Validation

libslurm.so is vulnerable to Improper Input Validation. The vulnerability exists due to the lack of length checks for the message size in slurm_protocol_api.c, which allows an attacker to modify RPC traffic in a way that bypasses message hash checks, leading to message extension attacks...

CVSS 7.5 · AI score 6.7 · EPSS 0.001
Exploits: 0 · References: 6 · Affected Software: 2

SUSE CVE
added 2023/12/15 2:5 a.m. · 1 view

SUSE CVE-2023-49933

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11,...

CVSS 5.9 · AI score 6.9 · EPSS 0.001
Exploits: 0 · References: 19

Prion
added 2023/12/14 5:15 a.m. · 15 views

Design/Logic Flaw

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11,...

CVSS 5 · AI score 6.8 · EPSS 0.001
Exploits: 0 · References: 4 · Affected Software: 1

Debian CVE
added 2023/12/14 12:0 a.m. · 29 views

CVE-2023-49933

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11,...

CVSS 7.5 · AI score 7.5 · EPSS 0.001
Exploits: 0

Positive Technologies
added 2023/12/13 12:0 a.m. · 2 views

PT-2023-8199 · Schedmd +2 · Slurm +2

Name of the Vulnerable Software and Affected Versions: SchedMD Slurm versions 22.05.x through 22.05.10; SchedMD Slurm versions 23.02.x through 23.02.6; SchedMD Slurm versions 23.11.x through 23.11.0. Description: The issue is related to the improper enforcement of message integrity during transmissi...

CVSS 9.8 · AI score 7.2 · EPSS 0.00402
Exploits: 0 · References: 118

CNNVD
added 2021/09/09 12:0 a.m. · 2 views

Handysoft data forgery vulnerability

Handysoft is a collaboration solution for smart offices from the Korean company HANDYSOFT. A security vulnerability exists in HShell.dll of Handysoft's ActiveX control, which stems from a lack of integrity checking of the download URL or download file hash. The vulnerability can be...

CVSS 9.8 · AI score 8.5 · EPSS 0.00233
Exploits: 0 · References: 1

Hacker One
added 2021/01/31 4:24 p.m. · 21 views

VK.com: CSRF in widgets

Insufficient hash checks in the application widget preview box...

AI score 6.9
Exploits: 0