29 matches found
Astra Linux - уязвимость в linux
A issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second or subsequent broadcast fragments even when sent in plaintext and process them as fully unfragmented frames. An adversary can exploit this vulnerability to inject arbitrary...
CVE-2026-39399
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...
CVE-2026-39399
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...
CVE-2026-39399 NuGet Gallery: Arbitrary Blob Overwrite via Nuspec Confusion and URI Fragment Truncation
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...
CVE-2026-39399
The CVE affects NuGetGallery, specifically the backend job that processes .nuspec files inside NuGet packages. A crafted nuspec with malicious metadata can trigger cross-package metadata injection due to insufficient input validation, potentially enabling remote code execution (RCE) and arbitrary...
CVE-2026-39399 NuGet Gallery: Arbitrary Blob Overwrite via Nuspec Confusion and URI Fragment Truncation
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...
EUVD-2026-22805
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...
CVE-2022-26469
In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07216598; Issue ID: ALPS07216598...
NiceGUI apps which use `ui.sub_pages` vulnerable to zero-click XSS
Summary An unsafe implementation in the pushstate event listener used by ui.subpages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. Details The problem is traced as follows: 1. On pushstate, handleStateEvent is...
EUVD-2022-31028
Malicious code in bioql PyPI...
CVE-2022-26469
In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07216598; Issue ID: ALPS07216598...
CVE-2022-26469
In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07216598; Issue ID: ALPS07216598...
CVE-2022-26469
In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07216598; Issue ID: ALPS07216598...
Privilege escalation
In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07216598; Issue ID: ALPS07216598...
CVE-2022-26469
CVE-2022-26469 affects MediaTek’s MtkEmail module and describes a local privilege-escalation vulnerability caused by fragment injection. The issue permits escalation without requiring execution privileges and with no user interaction, aligning with a high impact (confidentiality, integrity, and a...
CVE-2022-26469
In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07216598; Issue ID: ALPS07216598...
MediaTek 芯片安全漏洞
MediaTek chips are a variety of chips from MediaTek, a company owned by MediaTek of China. A security vulnerability exists in the MtkEmail module of the MediaTek chips, which results in privilege escalation due to fragment injection. This could result in a local privilege escalation without...
PT-2022-17881 · Mediatek · Mtkemail
Name of the Vulnerable Software and Affected Versions: MtkEmail affected versions not specified Description: The issue is related to a possible escalation of privilege due to fragment injection in MtkEmail. This could lead to local escalation of privilege with no additional execution privileges...
CLSA-2022-1648067939 Fix of CVE: CVE-2021-23192, CVE-2020-25717, CVE-2016-2124
CVE-2016-2124: Fix privilege escalation in Samba SMB1 authentication rhbz2021163 - CVE-2021-23192: Fix DCE/RPC fragment injection vulnerability rhbz2021167 - CVE-2020-25717: Fix privilege escalation in the way Samba maps domain users to local users rhbz2021171...
samba: Subsequent DCE/RPC fragment injection vulnerability
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements...