963 matches found
CVE-2026-55952
A flaw was found in Erlang/OTP's SSL Secure Sockets Layer application. An unauthenticated remote attacker can send a specially crafted ClientHello message to a TLS 1.3 server with session tickets enabled. This can permanently disrupt the server's ability to handle session tickets, leading to a...
CVE-2026-55952
The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...
EUVD-2026-41412
The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Perl DBI module vulnerabilities (USN-8466-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8466-1 advisory. It was discovered that the Perl DBI module incorrectly handled certain...
USN-8466-1 libdbi-perl vulnerabilities
It was discovered that the Perl DBI module incorrectly handled certain error messages. An attacker could use this issue to cause applications using the Perl DBI module to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2026-9698 It was discovered that the Perl DBI...
Astra Linux – Vulnerability in Linux
In the binderreleasework function of binder.c, there is a potential use-after-free issue due to improper locking. This could lead to a local escalation of privileges in the kernel, without the need for additional execution privileges. User interaction is not required for exploitation. Product:...
CVE-2026-50207
The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...
CVE-2026-37526
AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...
CVE-2026-37525
AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-;context, NULL before...
CVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders
DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...
CVE-2026-50207
The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...
CVE-2026-50207 Local Modem Manipulation via Binder Interfaces
The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...
EUVD-2026-34219
The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...
CVE-2026-50207 Local Modem Manipulation via Binder Interfaces
The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...
CVE-2026-50207
The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...
CVE-2026-50207
The CVE-2026-50207 issue involves the system Binder boundary that accepts unverified pass-through AT commands, enabling local applications to read baseband files or disable cellular connectivity. The vulnerability is described as local, with impact to confidentiality, integrity, and availability ...
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the system’s Binder boundary accepting unverified direct access AT commands, which may allow local applications to read baseban...
PT-2026-46159
The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Binder: Fixed the issue where dereferencing the null-ptr variable occurred unexpectedly. Syzbot reported several issues introduced by commit 44e602b4e52f „binderalloc: added missing mmaplock calls when using VMA”. In these...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: Binder: Fixed a UAF Use-After-Free issue caused by a race condition involving ref-proc. A transaction of type BINDERTYPEWEAKHANDLE may fail to increment the reference count of a node. In this case, the target proc normally releas...