OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

PT-2026-42019

Name of the Vulnerable Software and Affected Versions ledgerhq/hw-app-eth versions prior to 6.34.7 Description An integer parsing issue exists where incorrect hexadecimal field parsing occurs when values contain an odd number of characters. This allows attackers to manipulate EIP-712 typed data...

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the function wl1271txallocate. When this function fails and returns-EAGAIN, it misinterprets the...

CVE-2026-3219

A flaw was found in pip. This vulnerability occurs because pip incorrectly processes concatenated tar and ZIP files as ZIP files, regardless of their true format. This improper handling can lead to confusing installation behavior, potentially causing the installation of unintended or 'incorrect'...

CVE-2026-40046

A flaw was found in Apache ActiveMQ, Apache ActiveMQ All and Apache ActiveMQ MQTT. The fix for CVE-2025-66168 was not applied for 6.0.0+ versions. This exposed the underlying integer overflow/wraparound vulnerability when handling MQTT control packets, causing the broker to misinterpret payloads...

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

Security update for kubernetes-old

This update for kubernetes-old fixes the following issues: CVE-2025-22872: Fixed golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction bsc1241781 This update to version 1.31.9 jscPED-11105 Find full changelog...

BIT-PYTHON-2025-1795 Mishandling of comma during folding and unicode-encoding of email headers

During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted...

K000141479: Wget vulnerability CVE-2024-38428

Security Advisory Description url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent...

git: arbitrary configuration injection when renaming or deleting a section from a configuration file

A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection...

git: arbitrary configuration injection when renaming or deleting a section from a configuration file

A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection...

git: arbitrary configuration injection when renaming or deleting a section from a configuration file

A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection...

SUSE CVE-2009-0835

The securecomputing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x8664 platform, when CONFIGSECCOMP is enabled, does not properly handle 1 a 32-bit process making a 64-bit syscall or 2 a 64-bit process making a 32-bit syscall, which allows...

Domain Name Relay Daemon 安全漏洞

Domain Name Relay Daemon DNRD is a Sourceforge open source caching, forwarding DNS proxy server. A security vulnerability exists in DNRD Domain Name Relay Daemon version 2.20.3, which stems from a domain name and its associated IP address being cached in its misinterpreted form, where the...

[SECURITY] [DLA 2405-1] httpcomponents-client security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2405-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 10, 2020 https://wiki.debian.org/LTS -...