Monthly
OpenSSH sshd before version 10.4 silently ignores the GSSAPIStrictAcceptorCheck configuration directive when the server is integrated with Windows Active Directory, defeating a security control that administrators rely on to enforce GSSAPI acceptor name validation during Kerberos-based SSH authentication. This undocumented behavior means AD-joined SSH servers may accept GSSAPI authentications against unintended Kerberos service principals regardless of how the option is configured, yielding limited confidentiality and integrity impact. No public exploits or active exploitation have been identified; the CVSS AC:H rating reflects the specific environmental prerequisites required for exploitation.
Consensus failure in Zebra nodes before 4.3.1 allows remote attackers to trigger network partitioning by submitting V4 or V5 transactions with invalid sighash hash types. After a refactoring removed critical validation logic from C++ FFI code, Zebra failed to enforce consensus rules restricting hash type values in transparent transaction signatures, creating divergence from zcashd nodes. Attackers can exploit this remotely without authentication (CVSS:4.0 AV:N/AC:L/PR:N) to partition the Zcash network and enable potential double-spend attacks. No public exploit identified at time of analysis, but GitHub advisory (GHSA-8m29-fpq5-89jj) confirms the attack mechanism and vendor-released patches are available.
BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. versions up to 2.0.0 contains a security vulnerability (CVSS 5.4).
libsnowflakeclient is the Snowflake Connector for C/C++. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of Juniper Networks Junos OS on SRX Series, EX Series,. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
OpenSSH sshd before version 10.4 silently ignores the GSSAPIStrictAcceptorCheck configuration directive when the server is integrated with Windows Active Directory, defeating a security control that administrators rely on to enforce GSSAPI acceptor name validation during Kerberos-based SSH authentication. This undocumented behavior means AD-joined SSH servers may accept GSSAPI authentications against unintended Kerberos service principals regardless of how the option is configured, yielding limited confidentiality and integrity impact. No public exploits or active exploitation have been identified; the CVSS AC:H rating reflects the specific environmental prerequisites required for exploitation.
Consensus failure in Zebra nodes before 4.3.1 allows remote attackers to trigger network partitioning by submitting V4 or V5 transactions with invalid sighash hash types. After a refactoring removed critical validation logic from C++ FFI code, Zebra failed to enforce consensus rules restricting hash type values in transparent transaction signatures, creating divergence from zcashd nodes. Attackers can exploit this remotely without authentication (CVSS:4.0 AV:N/AC:L/PR:N) to partition the Zcash network and enable potential double-spend attacks. No public exploit identified at time of analysis, but GitHub advisory (GHSA-8m29-fpq5-89jj) confirms the attack mechanism and vendor-released patches are available.
BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. versions up to 2.0.0 contains a security vulnerability (CVSS 5.4).
libsnowflakeclient is the Snowflake Connector for C/C++. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of Juniper Networks Junos OS on SRX Series, EX Series,. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.