21 matches found
CVE-2026-23992
go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...
go-tuf improperly validates the configured threshold for delegations
Security Disclosure: Improper validation of configured threshold for delegations. Summary: A compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. Impact: Unauthorized modification to TUF metadata...
CVE-2022-33221
Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification requests...
EUVD-2018-5843
Malware in sbrugna...
EUVD-2022-36264
Malicious code in bioql PyPI...
CVE-2018-13909
Metadata verification and partial hash system calls by bootloader may corrupt parallel hashing state in progress resulting in unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...
Information disclosure
Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification requests...
CVE-2022-33221
CVE-2022-33221 describes an information disclosure via a buffer over-read in the Trusted Execution Environment when processing metadata verification requests. Multiple connected sources attribute the issue to Qualcomm closed-source components/TEE; impact is confidentiality loss with potential lo...
CVE-2022-33221 Buffer over-read in Trusted Execution Environment
Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification requests...
PT-2023-13243 · Unknown · Trusted Execution Environment
Name of the Vulnerable Software and Affected Versions: Trusted Execution Environment (affected versions not specified). Description: The issue is related to information disclosure in the Trusted Execution Environment. It occurs due to a buffer over-read when processing metadata verification requests...
CVE-2022-29172 HTML injection with additional signup fields
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before 11.33.0, when the “additional signup fields” feature is configured, a malicious actor can inject invalidated HTML code...
GHSA-F8MR-JV2C-V8MG Invalid root may become trusted root in The Update Framework (TUF)
Impact: The Python TUF reference implementation tuf<0.12 will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata, i.e. by a man-in-the-middle attack, culminating i...
GHSA-PWQF-9H7J-7MV8 Incorrect threshold signature computation in TUF
Impact: Metadata signature verification, as used in tuf.client.updater, counted each of multiple signatures with identical authorized keyids separately towards the threshold. Therefore, an attacker with access to a valid signing key could create multiple valid signatures in order to meet the...
Code injection
Metadata verification and partial hash system calls by bootloader may corrupt parallel hashing state in progress resulting in unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...
CVE-2018-16253
Removed by vendor...
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3381-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3381-1 advisory. Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use thi...