7 matches found
CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify to validate...
EUVD-2025-202702
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification b...
PT-2025-34194 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.8 Mattermost versions 10.8.x through 10.8.3 Mattermost versions 10.9.x through 10.9.1 Mattermost versions 9.11.x through 9.11.17 Description: The Mattermost application does not properly validate file...
Singularity Image Format 加密问题漏洞
Singularity Image Format is a compressed squashfs file system from Singularity that has a block organization structure, including metadata and definition files for containers, first labels, partition contents, signatures if they exist, and, of course, the containers for the binaries themselves...
DEBIAN-CVE-2019-18625
An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST...
Samba libcli/smb/smbXcli_base.c Security Mechanism Bypass Vulnerability
Samba is a freeware implementation of the SMB protocol on Linux and UNIX systems, consisting of a server and a client program. Samba 4.0.0 - 4.4.4 libcli/smb/smbXclibase.c suffers from a security vulnerability in its implementation, which allows a man-in-the-middle attacker, via the...
OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect...