
30 matches found

NVD
added 2026/05/06 7:16 p.m. | 1 view

CVE-2026-7999

Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3 | EPSS 0.00031
Exploits: 0 | References: 2
OSV
added 2026/03/27 2:8 p.m. | 1 view

OESA-2026-1784 audiofile security update

The Audio File Library is a C-based library for reading and writing audio files in many common formats. Security Fixes: In Audio File Library aka audiofile 0.3.6, there exists one NULL pointer dereference bug in ulaw2linearbuf in G711.cpp in libmodules.a that allows an attacker to cause a denial ...

CVSS 7.5 | AI score 5.9 | EPSS 0.00126
Exploits: 2 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-1543

Malware in sbrugna...

CVSS 5.9 | AI score 6.5 | EPSS 0.02235
Exploits: 0 | References: 17
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2006-6883

Malware in sbrugna...

CVSS 10 | AI score 6.4 | EPSS 0.00381
Exploits: 0 | References: 4
Redos
added 2025/10/07 12:0 a.m. | 4 views

ROS-20251007-03

The vulnerability of the high-performance open source DNS server PowerDNS Recursor is related to a bug in the ECS implementation. Exploitation of the vulnerability could allow a remote attacker to perform cache poisoning attacks...

CVSS 7.5 | AI score 6.5 | EPSS 0.0012
Exploits: 0
RedhatCVE
added 2025/05/23 8:11 a.m. | 3 views

CVE-2024-54131

The Kolide Agent aka: Launcher is the lightweight agent designed to work with Kolide's service. An implementation bug in the Kolide Agent known as launcher allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. The bug was introduced in version 1.5.3 when launcher started...

CVSS 7.3 | AI score 7.3 | EPSS 0.00074
Exploits: 0 | References: 1
CVE
added 2024/12/03 8:26 p.m. | 60 views

CVE-2024-54131

CVE-2024-54131 (Kolide Agent / launcher, Windows): An implementation bug introduced in 1.5.3, where launcher started storing upgraded binaries in ProgramData and inherited looser root permissions, combined with an omitted SystemDrive env var when launcher starts osqueryd, enables local attackers ...

CVSS 7.3 | AI score 7.4 | EPSS 0.00074
Exploits: 0 | References: 2
Tenable Nessus
added 2024/03/25 12:0 a.m. | 40 views

RHEL 9 : nodejs:18 (RHSA-2024:1503)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1503 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 7.8 | AI score 7.2 | EPSS 0.01239
Exploits: 0 | References: 5
F5 Networks
added 2023/02/21 6:54 p.m. | 32 views

K62695363: OpenSSL vulnerability CVE-2018-0733

Security Advisory Description Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than th...

CVSS 5.9 | AI score 6.3 | EPSS 0.02235
Exploits: 0
CNNVD
added 2022/12/07 12:0 a.m. | 1 view

containerd resource management error vulnerability

containerd is an industry-standard container runtime open-sourced by containerd. A resource management error vulnerability exists in containerd versions prior to 1.6.12, 1.5.16, and prior to 1.5.16. The vulnerability stems from a bug found in containerd's CRI implementation, which can be exploite...

CVSS 6.5 | AI score 7.2 | EPSS 0.00259
Exploits: 0 | References: 10
Microsoft CVE
added 2021/12/16 8:0 a.m. | 1 view

Format string bug in the Redis cache implementation

...

CVSS 7.5 | AI score 7 | EPSS 0.01593
Exploits: 0
Veracode
added 2020/05/10 11:26 p.m. | 26 views

Authentication Bypass

openssl is vulnerable to authentication bypass. The vulnerability exists through an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as...

CVSS 5.9 | AI score 3 | EPSS 0.02235
Exploits: 0 | References: 15 | Affected Software: 1
Hacker One
added 2019/11/14 12:29 p.m. | 7 views

Clario: Account verification bypass on translate.kromtech.com

Account verification bypass on translate.kromtech.com Summary: An account could be registered on translate.kromtech.com but the functionality returns "Access denied or Your user wasn't activated yet. ". But it's implemented in a strange way, every time we make a request that requires user to be...

AI score 3.4
Exploits: 0
Tenable Nessus
added 2018/08/24 12:0 a.m. | 60 views

Amazon Linux AMI : openssl (ALAS-2018-1065)

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security...

CVSS 6.5 | AI score 6.6 | EPSS 0.14445
Exploits: 0 | References: 3
NVD
added 2018/03/27 9:29 p.m. | 19 views

CVE-2018-0733

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security...

CVSS 5.9 | AI score 5.5 | EPSS 0.02235
Exploits: 0 | References: 14
Prion
added 2018/03/27 9:29 p.m. | 17 views

Design/Logic Flaw

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security...

CVSS 4.3 | AI score 5.9 | EPSS 0.02235
Exploits: 0 | References: 14 | Affected Software: 1
CVE
added 2018/03/27 9:0 p.m. | 154 views

CVE-2018-0733

OpenSSL CVE-2018-0733 targets PA-RISC on HP-UX, where the PA-RISC CRYPTO_memcmp implementation is buggy and effectively compares only the least significant bit of each byte. This can allow forging messages to be accepted as authentic, reducing the effort needed for an attack. The vulnerability is...

CVSS 5.9 | AI score 6 | EPSS 0.02235
Exploits: 0 | References: 14 | Affected Software: 1
OpenSSL
added 2018/03/27 12:0 a.m. | 55 views

Vulnerability in OpenSSL - Incorrect CRYPTO_memcmp on HP-UX PA-RISC

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security...

AI score 6 | EPSS 0.02235
Exploits: 0 | Affected Software: 1
Hacker One
added 2017/12/15 12:21 p.m. | 52 views

Ruby: controlled buffer under-read in pack_unpack_internal()

Brief ----- There is a signedness error in the pack_unpack_internal, allowing the '@' type to trigger a buffer under-read when unpacking with a controlled format similar to format string implementation vulnerabilities. Code Vulnerability -------------------- Vulnerable version: 2.5.0 rc and prior...

CVSS 5 | AI score 0.4 | EPSS 0.00537
Exploits: 0
Tenable Nessus
added 2017/12/15 12:0 a.m. | 111 views

OpenSSL 1.1.0 < 1.1.0h Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.0h. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0h advisory. - Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given maliciou...

CVSS 6.5 | AI score 6.7 | EPSS 0.15507
Exploits: 1 | References: 11