
177 matches found

OSV
added 2026/04/22 11:00 a.m. | 5 views

CLSA-2026-1776855642 Fix CVE(s): CVE-2019-17498, CVE-2019-3857

SECURITY UPDATE: Integer overflow leading to out-of-bounds write when SSH_MSG_CHANNEL_REQUEST packets with exit signal messages are parsed.
- debian/patches/CVE-2019-3857.patch: check namelen + 1 does not overflow before allocation in exit-signal handling.
- CVE-2019-3857
SECURITY UPDATE: Integer...

8.8 CVSS | 7.1 AI score | 0.04756 EPSS
Exploits: 1 | References: 1

Circl
added 2026/03/25 2:30 p.m. | 2 views

CVE-2026-3857

creationtimestamp | type | source
---|---|---
2026-03-25 14:30:14+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mhvchlod2p25
2026-03-25 16:17:09+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-3857
2026-03-25 16:23:23+00:00 | seen | ...

8.8 CVSS | 5.7 AI score | 0.00014 EPSS
Exploits: 0 | References: 10

Tenable Nessus
added 2026/03/25 12:00 a.m. | 5 views

GitLab 17.10 < 18.8.7 / 18.9 < 18.9.3 / 18.10 < 18.10.1 (CVE-2026-3857)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute...

8.8 CVSS | 6 AI score | 0.00014 EPSS
Exploits: 0 | References: 5

EUVD
added 2026/01/22 4:52 p.m. | 2 views

EUVD-2026-3857

Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross Site Request Forgery. This issue affects teachPress: from n/a through = 9.0.12...

5.4 AI score | 0.00009 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:00 a.m. | 3 views

MiracleLinux 8 : thunderbird-115.10.0-2.el8_9.ML.1 (AXSA:2024-7726:10)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7726:10 advisory. Mozilla: Denial of Service using HTTP/2 CONTINUATION frames CVE-2024-3302 Tenable has extracted the preceding description block directly from the...

8.8 CVSS | 5.6 AI score | 0.02136 EPSS
Exploits: 2 | References: 9

Tenable Nessus
added 2026/01/16 12:00 a.m. | 3 views

MiracleLinux 7 : libssh2-1.4.3-12.el7.2 (AXSA:2019-3791:02)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3791:02 advisory. Security Fix - libssh2 SSH CVE-2019-3855 - libssh2 SSH CVE-2019-3856 - libssh2SSHMSGCHANNELREQUESTEXIT SSH CVE-2019-3857 - libssh2 char CVE-2019-386...

9.3 CVSS | 7.1 AI score | 0.16241 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2025/11/20 12:00 a.m. | 18 views

TencentOS Server 4: firefox (TSSA-2024:0153)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0153 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.8 CVSS | 7.9 AI score | 0.02136 EPSS
Exploits: 2 | References: 10

Tenable Nessus
added 2025/11/13 12:00 a.m. | 4 views

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2019-3857)

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects t...

8.8 CVSS | 7 AI score | 0.04756 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/07 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-3857

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affect...

7.8 CVSS | 8.1 AI score | 0.00149 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/06/16 12:00 a.m. | 5 views

TencentOS Server 3: thunderbird (TSSA-2024:0142)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0142 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.8 CVSS | 7.9 AI score | 0.02136 EPSS
Exploits: 2 | References: 9

RedhatCVE
added 2025/05/22 9:28 p.m. | 3 views

CVE-2021-3857

chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

7.3 CVSS | 6.8 AI score | 0.00152 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 9:59 a.m. | 7 views

CVE-2011-3857

Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...

4.3 CVSS | 6 AI score | 0.00217 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/04/25 6:33 p.m. | 14 views

CVE-2025-3857

When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition tha...

8.7 CVSS | 6.9 AI score | 0.00095 EPSS
Exploits: 0 | References: 1

Circl
added 2025/04/23 8:04 p.m. | 1 view

CVE-2019-3857

creationtimestamp | type | source
---|---|---
2025-04-23 20:04:48+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13136...

8.8 CVSS | 7.2 AI score | 0.04756 EPSS
Exploits: 0 | References: 1

OSV
added 2025/04/21 4:15 p.m. | 2 views

CVE-2025-3857

When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition tha...

8.7 CVSS | 7 AI score
Exploits: 0 | References: 3

Circl
added 2025/04/21 4:02 p.m. | 3 views

CVE-2025-3857

creationtimestamp | type | source
---|---|---
2025-04-21 16:02:52+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/12688
2025-04-21 18:31:51+00:00 | published-proof-of-concept | Telegram/5EJUZnGupE7gi7RJmr2FV0ZRgpmrRFRfEIarwGmxg4P8ExE
2025-04-21 18:59:10+00:00 | seen | ...

8.7 CVSS | 5.7 AI score | 0.00095 EPSS
Exploits: 0 | References: 5

CVE
added 2025/04/21 3:13 p.m. | 67 views

CVE-2025-3857

Summary: A vulnerability in Amazon.IonDotnet’s RawBinaryReader can cause an infinite loop when reading binary Ion data if the input is malformed or truncated, due to not checking the number of bytes read from the underlying stream. This could lead to denial of service. Affected versions: Amazon.I...

8.7 CVSS | 7.5 AI score | 0.00095 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2025/04/21 3:13 p.m. | 7 views

CVE-2025-3857 Infinite loop condition in Amazon.IonDotnet

When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition tha...

8.7 CVSS | 7.5 AI score | 0.00095 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2025/02/10 12:00 a.m. | 5 views

Azure Linux 3.0 Security Update: libpng / tensorflow (CVE-2022-3857)

The version of libpng / tensorflow installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3857 advisory. - libpng: Null pointer dereference leads to segmentation fault CVE-2022-3857 Note that Nessus has...

6.1 AI score
Exploits: 0 | References: 2

CBLMariner
added 2025/01/12 9:15 a.m. | 153 views

CVE-2022-3857 affecting package syslinux 6.04-10

CVE-2022-3857 affecting package syslinux 6.04-10. This CVE either no longer is or was never applicable...

5.8 AI score
Exploits: 0