14 matches found
Ubuntu 22.04 LTS : Snowflake vulnerabilities (USN-7966-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7966-1 advisory. It was discovered that Pion DTLS, vendored in Snowflake, did not impose a limit on the amount of data that was buffered during the handshake. An attacker...
EUVD-2024-52233
Malicious code in bioql PyPI...
EUVD-2025-29190
Malicious code in bioql PyPI...
CVE-2025-31116
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host uses socket.gethostbyname, which is vulnerable to SSRF abuse using DNS rebinding technique. This...
CVE-2024-29190
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...
PYSEC-2024-256
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allow_redirects=True, which allows a server-side reque...
CVE-2024-29190
creationtimestamp | type | source
---|---|---
2024-03-26 12:48:13+00:00 | published-proof-of-concept | https://t.me/cKure/12599
2024-03-27 20:12:45+00:00 | published-proof-of-concept | Telegram/TWxU8iN-TYn0kncSO1uxug7sedYGGHFx9vwZnyjHkQUOEM
2024-06-01 02:51:42+00:00 | seen | ...
CVE-2024-29190
MobSF (Mobile Security Framework) vulnerability CVE-2024-29190 causes SSRF via hostname extraction in android:host when input validation is not performed in versions up to 3.9.5 Beta. The issue arises from host resolution in valid_host(), where socket.gethostbyname() can be abused with DNS rebind...
CVE-2024-29190 MobSF SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...
CVE-2022-29190
creationtimestamp | type | source
---|---|---
2022-05-21 07:47:55+00:00 | seen | https://t.me/cibsecurity/43137...
DEBIAN-CVE-2022-29190
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that send Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available...
CVE-2022-29190
Pion DTLS (Go) before v2.1.4 is vulnerable to an infinite-loop processing bug that an attacker can trigger, potentially causing a denial of service (availability impact high). The issue is fixed in v2.1.4. Multiple advisories (Ubuntu USN-7966-1/2, OSS vulnerabilities, Nessus/OSV entries) corrobor...
CVE-2022-29190 Header reconstruction method can be thrown into an infinite loop in Pion DTLS
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that send Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available...
CVE-2022-29190 Header reconstruction method can be thrown into an infinite loop in Pion DTLS
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that send Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available...