10 matches found
CVE-2026-8367
aria2c accepts a server certificate with an incorrect Extended Key Usage (EKU). If attackers compromise a certificate and its associated private key that were issued for a different purpose, they may be able to reuse it for TLS server authentication...
SUSE CVE-2024-53846
OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and...
Erlang/OTP Trust Management Issue Vulnerability
Erlang/OTP is an Erlang/OTP open source library written in JavaScript that handles exceptions. The library can catch exceptions raised by the node.js built-in API. A trust management issue vulnerability exists in Erlang/OTP OTP-25.3.2.8 version, OTP-26.2 version, and OTP-27.0 version,...
Incorrect Key Verification
in-toto is vulnerable to Incorrect Key Verification. The vulnerability exists because GnuPG is not invoked during key verification when specifying the PGP key via its ID, which allows an attacker to bypass validity checks inside GnuPG. For example, because in-toto does not properly use GnuPG, a P...
GHSA-F737-3FH6-JF6W Prototype Pollution in vConsole
vConsole was discovered to contain a prototype pollution due to incorrect key and value resolution in setOptions in core.ts...
CVE-2023-30363
vConsole v3.15.0 was discovered to contain a prototype pollution due to incorrect key and value resolution in setOptions in core.ts...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14)
This update for java-1_7_0-openjdk fixes the following issues. Security issues fixed: - CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084). - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO (bsc#1064071). - CVE-2017-10281: Fix issue inside subcomponent Serialization...
OpenJDK: PBE incorrect key lengths (Libraries, 8138589)
It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected...
FreeBSD : PostgreSQL -- minor security problems. (fc38cd83-00b3-11e5-8ebd-0026551a22dc)
PostgreSQL project reports: This update fixes three security vulnerabilities reported in PostgreSQL over the past few months. Neither of these issues is seen as particularly urgent. However, users should examine them in case their installations are vulnerable: - CVE-2015-3165 Double 'free' after...
Debian Security Advisory DSA 3270-1 (postgresql-9.4 - security update)
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-3165: Remote crash. SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166: Information exposure. The replacement implementation of snprintf failed...