26 matches found
CVE-2026-57062
CVE-2026-57062: The CMS parsing in GnuPG’s gpgsm (up to version 2.5.20) mishandles AES-GCM when processing CMS structures, accepting an aes-ICVlen of 4 bytes instead of the required 12. This is a component/format handling flaw in GnuPG’s CMS implementation. The CVE record cites a related issue (C...
EUVD-2011-0825
Malware in sbrugna...
EUVD-2015-0436
Malware in sbrugna...
EUVD-2022-29018
Malicious code in bioql PyPI...
EUVD-2025-16304
Malicious code in bioql PyPI...
BELL-CVE-2023-53468
Bulletin has no description...
SUSE CVE-2025-53628
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to exploit this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related...
DEBIAN-CVE-2025-53629
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: Th...
CVE-2021-1109
NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams...
CVE-2025-46580
There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL...
CVE-2025-46580 ZTE GoldenDB Database product has a code-related vulnerability
There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL...
Amazon Linux 2 : php, --advisory ALAS2PHP8.1-2025-006 (ALASPHP8.1-2025-006)
The version of php installed on the remote host is prior to 8.1.31-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2025-006 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system,...
SUSE CVE-2024-33663
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
FreeBSD : gitea -- Prevent anonymous container access (bd7592a1-cbfd-11ee-a42a-5404a6f3ca32)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bd7592a1-cbfd-11ee-a42a-5404a6f3ca32 advisory. - Even with RequireSignInView enabled, anonymous users can use docker pull to fetch public images...
Updated xpdf packages fix security vulnerability
In Xpdf prior to 4.04, the DCT JPEG decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. CVE-2022-24106 Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc...
CVE-2022-24106
In Xpdf prior to 4.04, the DCT JPEG decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc...
CVE-2021-23857
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently log in to the system...
CVE-2019-11682
A buffer overflow in the SMTP response service in MailCarrier 2.51 allows the attacker to execute arbitrary code remotely via a long HELP command, a related issue to CVE-2019-11395...