[SECURITY] [DSA 6294-1] libgcrypt20 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6294-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2026 https://www.debian.org/security/faq -...

CVE-2026-32953

Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets USS to be silently ignored, producing the same Compound Device Identifier CDI—and thus the same key...

CVE-2026-3541

An inappropriate implementation flaw was found in the CSS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=484811719...

Google Chrome < 143.0.7499.109 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 143.0.7499.109. It is, therefore, affected by multiple vulnerabilities as referenced in the 202512stable-channel-update-for-desktop10 advisory. - Use after free in Password Manager in Google Chrome prior to 143.0.7499.110...

EUVD-2011-3064

Malware in sbrugna...

EUVD-2001-0355

Malware in sbrugna...

EUVD-2019-15327

Malware in sbrugna...

EUVD-2021-8686

Malicious code in bioql PyPI...

CVE-2021-25370

An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic...

CVE-2018-9426

In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin...

Wireshark Security Update (wnpa-sec-2025-01) - Mac OS X

Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...

Kolide Agent 安全漏洞

Kolide Agent Kolide Launcher is a Kolide open source lightweight agent designed to work with Kolide's services. A security vulnerability exists in Kolide Agent that stems from the inclusion of an implementation error that could lead to elevation of privilege...

Cisco Firepower Threat Defense Software SSL/TLS DoS (cisco-sa-asaftd-ssl-dos-uu7mV5p6)

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to relo...

Authentication Bypass

namshi/jose is vulnerable to Authentication Bypass. The vulnerability is due to an implementation error in the validation process for digital signatures using asymmetric algorithms. which allows attackers to forge tokens by exploiting the signature verification flaw...

CVE-2024-26327

An issue was discovered in QEMU 7.1.0 through 8.2.1. registervfs in hw/pci/pciesriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations...

Design/Logic Flaw

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an...

CVE-2023-20042

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an...

[ADRIRO-NEW-M-01] Manager authorization in VotiumStrategy still leaves room for unprotected access

Lines of code Vulnerability details Summary Access control has been added to the VotiumStrategy contract with the intention of restricting functionality only to AfEth. However, an error in the implementation still leaves the contract publicly accessible. Impact In the updated codebase, the sponso...

CVE-2023-4097

CVE-2023-4097 affects IDM Sistemas QSige. The issue is a file upload vulnerability where the upload function accepts any file type due to improper implementation, requiring an authenticated user. Impact is reported as high (C/H/I/A) with CVSS v3.1 base score 8.8. Documented details do not specify...

M-03 Unmitigated

Lines of code Vulnerability details Mitigation of M-03: Issue not mitigated, see comments Link to Issue: code-423n4/2023-05-ambire-findings16 Comments The issue is not mitigated. There is an error in the implementation of the mitigation of M-03. See report adriro-MR-M-03-ERROR for details. Assess...