339 matches found
Squid has issues in ICP message handling
...
EUVD-2026-15274
In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix use-after-free and list corruption on sender error The analysis from Breno: When the SMI sender returns an error, smiwork delivers an error response but then jumps back to restart without cleaning up properly: 1...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the NGAP message handling process. An attacker can cause the application to panic and potentially crash by sending specially crafted messages with invalid PDU Session IDs. Remediation Upgrade...
Open5GS Denial of Service Vulnerability (CNVD-2026-14249)
Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial of service vulnerability exists in Open5GS version 2.7.6 and earlier. The vulnerability stems from the function smfgxccacb/smfgyccacb/smfs6baaacb/smfs6bstacb of t...
Open5GS 安全漏洞
Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial of service vulnerability exists in Open5GS version 2.7.6 and earlier. The vulnerability stems from the function smfgxccacb/smfgyccacb/smfs6baaacb/smfs6bstacb of t...
Sigstore 安全漏洞
Sigstore is an open-source software signature verification library developed by sigstore. Versions of Sigstore prior to 0.2.3 contained security vulnerabilities. These vulnerabilities stemmed from the improper propagation of failure messages during the verification process, which could lead to...
CVE-2026-0994
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
MiracleLinux 9 : linux-firmware-20240603-143.1.el9_4 (AXSA:2024-8596:08)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8596:08 advisory. kernel: Reserved fields in guest message responses may not be zero initialized CVE-2023-31346 Tenable has extracted the preceding description block directly...
CVE-2025-71166
CVE-2025-71166 affects Typesetter CMS versions up to and including 5.1. The vulnerability is a reflected cross-site scripting (XSS) in the administrative interface, specifically in the Tools Status move message handling. The path parameter is reflected into HTML output without proper encoding in ...
CVE-2025-71166 Typesetter CMS Reflected XSS via Move Message Handling
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...
CVE-2021-22306
There is an out-of-bound read vulnerability in Mate 30 10.0.0.182C00E180R6P2. A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause out-of-bound, compromising normal service...
Security update for buildah
This update for buildah fixes the following issues: CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed out of bounds read caused by non validated message size bsc1254054 CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in...
SUSE-SU-2025:4526-1 Security update for buildah
This update for buildah fixes the following issues: - CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed out of bounds read caused by non validated message size bsc1254054 - CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type...
CVE-2023-54036
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU The wifi + bluetooth combo chip RTL8723BU can leak memory especially? when it's connected to a bluetooth audio device. The busy bluetooth traffic generates lots of C2H ca...
Authorization Bypass
Spring Framework is vulnerable to an Authorization Bypass. The vulnerability is due to improper enforcement of authorization checks in STOMP over WebSocket message handling, which allows an attacker to send unauthorized messages and bypass intended security controls...
CVE-2025-62508 Citizen vulnerable to stored XSS in sticky header button messages
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element’s...
net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg
...
EUVD-2020-6397
Malware in sbrugna...
EUVD-2018-7472
Malware in sbrugna...
EUVD-2020-6377
Malware in sbrugna...