Astra Linux - уязвимость в python-httplib2

In httplib2 before version 0.18.0, an attacker who controlled unescaped parts of the URI for httplib2.Http.request could alter request headers and the request body, and send additional hidden requests to the same server. This vulnerability affects software that uses httplib2 with URIs constructed...

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error through the lack CORS checks Host and Origin header validation on incoming HTTP connections. An attacker can gain unauthorized access to local or private-network servers by tricking a victim into visiting a...

CVE-2026-34760 vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results...

EUVD-2026-18522

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results...

PT-2026-29877

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing to mono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy result...

CVE-2025-65548

CVE-2025-65548 affects Nutshell (cashubtc/nuts) prior to 0.18.0. The issue is that when spending a token, the preimage size is not validated, and the preimage is stored by the mint, enabling an attacker to fill the mint’s database and disk with arbitrary data. Public sources consistently describe...

SUSE CVE-2025-13470

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key PKESK packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...

UBUNTU-CVE-2025-13470

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key PKESK packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...

RNP 安全漏洞

RNP is a C++ library open-sourced by RNP. A security vulnerability exists in RNP version 0.18.0 that stems from an uninitialized symmetric session key used in PKESK packets, which could lead to a complete breach of confidentiality...

EUVD-2019-8627

Malware in sbrugna...

CVE-2019-18960

Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes...

openSUSE 15 Security Update : restic (openSUSE-SU-2025:0110-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2025:0110-1 advisory. Update to 0.18.0 - Sec 5291: Mitigate attack on content-defined chunking algorithm - Fix 1843: Correctly restore long filepaths' timestamp on old Windows...

python-ecdsa: vulnerable to the Minerva attack

A flaw was found in the ecdsa PyPI package, a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Versions 0.18.0 and prior may be...

python-ecdsa: vulnerable to the Minerva attack

A flaw was found in the ecdsa PyPI package, a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Versions 0.18.0 and prior may be...

PT-2024-19822 · Pypi +1 · Ecdsa +1

Name of the Vulnerable Software and Affected Versions: ecdsa versions 0.18.0 and prior Description: The ecdsa PyPI package, a pure Python implementation of ECC Elliptic Curve Cryptography, is affected by a Minerva timing attack on the P-256 curve. This attack can leak the internal nonce when usin...

GHSA-Q55C-HMPF-6H2G AzuraCast/AzuraCast vulnerable to cross-site scripting

AzuraCast/AzuraCast prior to version 0.18.0 is vulnerable to stored cross-site scripting. An issue was identified where a user who already had an AzuraCast account could update their display name to inject malicious JavaScript into the header menu of the site. In a majority of cases, this menu is...

go-libp2p 资源管理错误漏洞

go-libp2p is the libp2p implementation in Go. A resource management error vulnerability exists in go-libp2p v0.18.0 and earlier versions, which stems from the fact that an attacker can realize that allocating a large amount of memory causes a process to be killed by the host operating system...

PT-2022-16026 · Go-Libp2P · Go-Libp2P

Name of the Vulnerable Software and Affected Versions: go-libp2p versions 0.18.0 and older Description: The issue concerns targeted resource exhaustion attacks that affect libp2p's connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory,...

Ethermint 安全漏洞

Ethermint is a Cosmos SDK library for running scalable and interoperable EVM chains. A security vulnerability exists in versions of Ethermint prior to v0.18.0, which stems from an error in the DeleteAccount function, where all contracts using the same bytecode will also stop working when one...

Denial of Service in varnish-modules version 0.18.0

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-28543. Reason: This candidate is a duplicate of CVE-2021-28543. Notes: All CVE users should reference CVE-2021-28543 instead of this candidate...