EUVD-2026-38854

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: don't use simplestrtoul Replace unsafe port parsing in epaddrlen, ctsipparseheaderuri, and ctsipparserequest with a new sipparseport helper that validates each digit against the buffer limit, eliminatin...

TVT NVMS 1000 - Local File Inclusion

TVT NVMS-1000 devices allow GET /.. local file inclusion attacks. id: CVE-2019-20085 info: name: TVT NVMS 1000 - Local File Inclusion author: daffainfo severity: high description: | TVT NVMS-1000 devices allow GET /.. local file inclusion attacks. impact: | An attacker can exploit this...

CVE-2026-9641 Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

CVE-2026-31670

In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill events if the system is so configured, while not consuming them from the rfkill file descriptor, causin...

Photon OS 4.0: Python3 PHSA-2026-4.0-1000

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1000. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Critical Photon OS Security Update - PHSA-2026-4.0-1000

Updates of 'python3-ujson', 'jq', 'python3-pyOpenSSL', 'python3-pyasn1' packages of Photon OS have been released...

CVE-2026-4112

Improper neutralization of special elements used in an SQL command “SQL Injection” in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator...

EUVD-2019-19888

RealTerm Serial Terminal 2.0.0.70 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Port field. Attackers can paste a buffer of 1000 characters into the Port input field and click the open button to trigg...

EUVD-2019-19837

Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Attackers can input a buffer of 1000 characters in the username field and trigger a crash when joining a chat,...

CVE-2019-25546

NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by pasting a 1000-byte buffer into the Share Name parameter when adding a new shar...

CVE-2019-25559

SpotPaltalk 1.1.5 contains a local-denial-of-service vulnerability in the registration Name/Key field. The issue allows a local attacker to crash the application by submitting an excessively long input (a 1000-character buffer) and pressing OK. According to the CVSS data, the impact is on availab...

CVE-2026-27821

GPAC has a stack-based overflow in NHML demuxer (dmx_nhml.c) affecting versions up to 26.02.0. The parser copies the xmlHeaderEnd attribute into a 1000-byte buffer with strcpy(), enabling overflow if input exceeds 1000 bytes. A fix is available via commit 9bd7137fded2db40de61a2cf3045812c8741ec52....

CVE-2020-37208

SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service...

CVE-2020-37204

RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash...

CVE-2020-37199

NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash...

CVE-2020-37195

BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash...

CVE-2020-37194

Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key field to trigger an application crash...

CVE-2020-37208 SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service

SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service...

CVE-2020-37204 RemShutdown 2.9.0.0 - 'Key' Denial of Service

RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash...

CVE-2020-37199

CVE-2020-37199 affects NBMonitor 1.6.6.0. The vulnerability is in the registration key input, where a 1000-character payload pasted into the Key field can crash the application (denial of service). The document does not provide additional technical details about the root cause, affected versions ...