61 matches found
RLSA-2026:24338 Important: bind security update
The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...
CVE-2026-47430
Summary The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation CDVWKInAppBrowser.m:560–574. Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...
CVE-2026-25658
Ericsson Packet Core Gateway PCG versions prior to 1.30 contain an Improper Handling of Missing Values CWE-230 vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers...
CVE-2026-25657
CVE-2026-25657 affects Ericsson Packet Core Gateway (PCG) versions prior to 1.30. The issue is an Improper Handling of Syntactically Invalid Structure (CWE-228). An attacker can continuously send a specially crafted message to degrade service; impact is on availability. The description notes the ...
PT-2026-44769
Name of the Vulnerable Software and Affected Versions Acer Predator Connect W6x versions prior to W6x GBL 2.00.000008 Description Crafted MQTT messages can trigger command injection, allowing for root-level remote code execution on the target device without requiring authentication. Recommendatio...
Important: dovecot security update
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...
FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...
FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...
EUVD-2024-55516
Ericsson Packet Core Controller PCC versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...
📄 MongoDB BSON Decompression OP_COMPRESSED Memory Disclosure
This Metasploit module demonstrates an educational memory leak in MongoDB BSON decompression. It sends malformed BSON in OPCOMPRESSED messages to trigger memory disclosure. Quite a huge list of versions are affected...
CVE-2026-22626
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages...
CVE-2026-0710 Sipp/sipp: sipp: denial of service and potential arbitrary code execution vulnerability
A flaw was found in SIPp. A remote attacker could exploit this by sending specially crafted Session Initiation Protocol SIP messages during an active call. This vulnerability, a NULL pointer dereference, can cause the application to crash, leading to a denial of service. Under specific conditions...
openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...
PT-2025-52761
Name of the Vulnerable Software and Affected Versions FreyrSCADA/IEC-60870-5-104 server version 21.06.008 Description The software is susceptible to a denial of service condition. Remote attackers can trigger this by transmitting specifically crafted message sequences. Recommendations Update to a...
openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...
CVE-2025-62791
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, DecodeCiscat implementation does not check the return the value of cJSONGetObjectItem for a possible NULL value in case of an error. A compromised agent can cause a crash of analysisd by...
Rockwell Automation Compact GuardLogix 5370 安全漏洞
The Rockwell Automation Compact GuardLogix 5370 is a secure programmable logic controller from Rockwell Automation, Inc. A security vulnerability exists in the Rockwell Automation Compact GuardLogix 5370 that originates from a failure when sending a specially crafted CIP unconnected explicit...
GitLab CE和EE 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE and EE versions 15.0 through 18.1.6 prior...
CVE-2025-8008
A security issue exists in the protected mode of EN4TR devices, where sending specifically crafted messages during a Forward Close operation can cause the device to crash...
rPGP 安全漏洞
rPGP is a pure Rust implementation of OpenPGP open sourced by rPGP. A security vulnerability exists in rPGP versions prior to 0.14.1. An attacker exploiting this vulnerability could cause resource exhaustion by providing specially crafted messages...