18 matches found

Tenable Nessus
added 2026/06/10 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-42770

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: When EVP_PKEY_derive_set_peer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: ...

CVSS 3.7 | AI score 5.4 | EPSS 0.00252
Exploits 0 | References 3

OSV
added 2026/06/09 5:17 p.m., 5 views

ALPINE-CVE-2026-42770

Issue summary: When EVP_PKEY_derive_set_peer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

CVSS 3.7 | AI score 5.4 | EPSS 0.00252
Exploits 0 | References 1

Vulnrichment
added 2026/06/09 4:3 p.m., 8 views

CVE-2026-42770 FFC-DH Peer Validation Uses Attacker-Supplied q

Issue summary: When EVP_PKEY_derive_set_peer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

AI score 5.4 | EPSS 0.00252
Exploits 0 | References 6

CVE
added 2026/06/09 4:3 p.m., 37 views

CVE-2026-42770

CVE-2026-42770 affects OpenSSL FIPS modules (4.0, 3.6, 3.5, 3.4, 3.0) and related deployments using EVP_PKEY_derive_set_peer() with DHX/X9.42 keys. The vulnerability arises when the subgroup check Y^q ≡ 1 (mod p) uses the peer’s q instead of the local key’s q, allowing a malicious X9.42 peer to c...

CVSS 3.7 | AI score 5.4 | EPSS 0.00252
Exploits 0 | References 6 | Affected Software 1

GithubExploit
added 2026/04/11 7:14 p.m., 79 views

Exploit for SQL Injection in Devcode Openstamanager

CVE-2026-24417: OpenSTAManager has a Time-Based Blind SQL Inje...

CVSS 8.7 | AI score 6 | EPSS 0.00366
Exploits 3

Cvelist
added 2026/04/07 10:0 p.m., 24 views

CVE-2026-31790 Incorrect Failure Handling in RSA KEM RSASVE Encapsulation

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process whi...

EPSS 0.00981
Exploits 0 | References 6

AlpineLinux
added 2026/04/07 10:0 p.m., 6 views

CVE-2026-31790

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process whi...

CVSS 7.5 | AI score 6 | EPSS 0.00981
Exploits 0

Positive Technologies
added 2026/04/07 12:0 a.m., 4 views

PT-2026-31041

Name of the Vulnerable Software and Affected Versions: OpenSSL FIPS modules versions 3.0 through 3.6. Description: Applications using RSASVE key encapsulation can send contents of an uninitialized memory buffer to a malicious peer, potentially leading to sensitive data leakage. This occurs when...

CVSS 9.8 | AI score 6 | EPSS 0.00981
Exploits 0 | References 96

RedhatCVE
added 2026/03/27 2:26 p.m., 12 views

CVE-2021-27186

Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c...

CVSS 7.5 | AI score 6.9 | EPSS 0.01987
Exploits 1 | References 1

Rockylinux
added 2025/07/29 1:38 p.m., 6 views

python39:3.9 security update

An update is available for python-cffi, module.numpy, module.python3x-setuptools, module.python-psutil, python-urllib3, module.scipy, python-lxml, python-pycparser, python3x-pip, module.python-wheel, python3x-six, PyYAML, python-chardet, module.python-idna, module.python3x-six, python-psutil,...

CVSS 7.5 | AI score 7.2 | EPSS 0.00665
Exploits 1

vulnersOsv
added 2023/12/06 6:31 p.m., 6 views

com.qwlabs.doraemon:feature-flags (>=0.2.239 <=0.2.256), com.qwlabs.doraemon:q-api (>=0.2.239 <=0.2.256) +8 more potentially affected by CVE-2023-6393 via io.quarkus:quarkus-cache (>=3.2.0.CR1 <=3.2.8.Final)

io.quarkus:quarkus-cache MAVEN version =3.2.0.CR1, =0.2.239, =0.2.239, =0.2.239, =0.2.239, =3.2.0.CR1, =3.2.0.CR1, =3.2.0.CR1, =3.2.0.CR1, =3.2.0.CR1, =2.0.17, =2.1.0-BETA-7 Source cves: CVE-2023-6393 Source advisory: OSV:GHSA-XFV5-JQGP-VQHJ...

CVSS 5.3 | AI score 6 | EPSS 0.00631
Exploits 0

vulnersOsv
added 2023/12/06 6:31 p.m., 6 views

com.qwlabs.doraemon:feature-flags (>=0.2.257 <=0.2.290), com.qwlabs.doraemon:graphql (>=0.2.282 <=0.2.290) +10 more potentially affected by CVE-2023-6393 via io.quarkus:quarkus-cache (>=3.3.0.CR1 <=3.5.1)

io.quarkus:quarkus-cache MAVEN version =3.3.0.CR1, =0.2.257, =0.2.282, =0.2.281, =0.2.282, =0.2.257, =0.2.257, =0.2.257, =3.3.0.CR1, =3.3.0.CR1, =3.3.0.CR1, =3.3.0.CR1, =3.3.0.CR1, =3.5.1 Source cves: CVE-2023-6393 Source advisory: OSV:GHSA-XFV5-JQGP-VQHJ...

CVSS 5.3 | AI score 6 | EPSS 0.00631
Exploits 0

OSV
added 2023/06/08 9:15 p.m., 8 views

AZL-27111 CVE-2023-29402 affecting package golang for versions less than 1.20.7-1

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...

CVSS 9.8 | AI score 6.7 | EPSS 0.01708
Exploits 0 | References 1

vulnersOsv
added 2023/04/27 9:30 p.m., 3 views

biz.lobachev.annette:application_2.13 (>=0.1.2 <=0.3.0), biz.lobachev.annette:attributes_2.13 (>=0.1.2 <=0.2.5) +71 more potentially affected by CVE-2023-29471 via com.typesafe.akka:akka-stream-kafka_2.13 (>=1.0.4 <=4.0.1)

com.typesafe.akka:akka-stream-kafka_2.13 MAVEN version =1.0.4, =0.1.2, =0.1.2, =0.1.2, =0.3.0, =0.1.2, =0.1.2, =0.3.0, =0.3.0, =1.0.1, =22.10.0, =0.1.6, =0.1, =0.0.0-NIGHTLY01122020, =back-to-core-SNAPSHOT-4 and more Source cves: CVE-2023-29471 Source advisory: OSV:GHSA-55VQ-XPJF-R2XC...

CVSS 5.5 | AI score 6 | EPSS 0.00152
Exploits 0

vulnersOsv
added 2022/08/06 5:48 a.m., 4 views

org.dspace.modules:additions (>=4.0 <=5.10), org.dspace.modules:jspui (>=4.0 <=5.10) +18 more potentially affected by CVE-2022-31195 via org.dspace:dspace-api (>=4.0 <=5.10)

org.dspace:dspace-api MAVEN version =4.0, =4.0, =4.0, =4.0, =5.0, =5.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =5.0, =5.10 and more Source cves: CVE-2022-31195 Source advisory: OSV:GHSA-8RMH-55H4-93H5...

CVSS 7.2 | AI score 7 | EPSS 0.01096
Exploits 0

RedHat Linux
added 2009/07/27 9:34 a.m., 2 views

python: Multiple integer overflows in python core

Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs...

CVSS 10 | AI score 6.7 | EPSS 0.04214
Exploits 4 | References 4

RedHat Linux
added 2009/07/27 9:32 a.m., 5 views

python: Multiple integer overflows discovered by Google

Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) csv.c, (3) struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10)...

CVSS 7.5 | AI score 6.7 | EPSS 0.03665
Exploits 2 | References 4

Exploit DB
added 2004/03/15 12:0 a.m., 28 views

Phorum 3.x - 'profile.php?target' Cross-Site Scripting

source: https://www.securityfocus.com/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules. The issue presents itself across multiple modules including 'login.php', 'register.php', and 'profile.php'. These modules employ two hidde...

AI score 7.4
Exploits 0