CVE-2020-9107

HUAWEI P30 Pro versions earlier than 10.1.0.160C00E160R2P8 have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be...

CVE-2020-11165

Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired...

CVE-2024-23953

Use of Arrays.equals in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack. Users are recommended to upgrade to version 4.0.0,...

CVE-2025-24135

This issue was addressed with improved message validation. This issue is fixed in macOS Sequoia 15.3. An app may be able to gain elevated privileges...

CVE-2025-24135

This issue was addressed with improved message validation. This issue is fixed in macOS Sequoia 15.3. An app may be able to gain elevated privileges...

CVE-2025-24135

This issue was addressed with improved message validation. This issue is fixed in macOS Sequoia 15.3. An app may be able to gain elevated privileges...

CVE-2025-24135

This issue was addressed with improved message validation. This issue is fixed in macOS Sequoia 15.3. An app may be able to gain elevated privileges...

CVE-2025-24135

CVE-2025-24135 affects macOS prior to Sequoia 15.3 and is associated with the System Extensions component. The issue arises from insufficient message validation, enabling an app to potentially gain elevated privileges on a local basis. Apple’s Sequoia 15.3 security content lists CVE-2025-24135 un...

PT-2025-5306 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.3 Description: The issue allows an app to potentially gain elevated privileges due to inadequate message validation. This has been addressed with improved message validation. Recommendations: For versions prior to...

CVE-2024-49568

CVE-2024-49568 affects the Linux kernel net/smc implementation. The issue arises when receiving a proposal message: fields v2_ext_offset, eid_cnt, and ism_gid_cnt from the remote client are not fully trustworthy; if v2_ext_offset exceeds the max value, it can trigger an out-of-bounds access and a...

CVE-2024-49571 net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg

In the Linux kernel, the following vulnerability has been resolved: net/smc: check ipareaoffset and ipv6prefixescnt when receiving proposal msg When receiving proposal msg in server, the field ipareaoffset and the field ipv6prefixescnt in proposal msg are from the remote client and can not be ful...

CVE-2024-47408 net/smc: check smcd_v2_ext_offset when receiving proposal msg

In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcdv2extoffset when receiving proposal msg When receiving proposal msg in server, the field smcdv2extoffset in proposal msg is from the remote client and can not be fully trusted. Once the value of smcdv2extoffset...

Acronis Cyber Protect 跨站脚本漏洞

Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise from Acronis Switzerland. It combines backup, anti-malware, network security and endpoint management features e.g. vulnerability assessment, URL filtering, patch management, etc.. A cross-site scripting...

Improper Message Recipient Validation

moodle/moodle is vulnerable to Improper Message Recipient Validation. The vulnerability is due to insufficient input validation. Specifically, the system does not properly verify that the message recipients belong to the set of users returned by the non-respondents report, allowing messages to be...

UBUNTU-CVE-2022-49017

In the Linux kernel, the following vulnerability has been resolved: tipc: re-fetch skb cb after tipcmsgvalidate As the call trace shows, the original skb was freed in tipcmsgvalidate, and dereferencing the old skb cb would cause an use-after-free crash. BUG: KASAN: use-after-free in...

CVE-2024-47003

Mattermost versions 9.11.x = 9.11.0 and 9.5.x = 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend...

GHSA-7Q74-G774-7X3G Interchain Security: The signers of ICS messages do not need to match the provider address

Context ICS has the following four messages that enable validators on the provider chain to perform different actions: - MsgOptIn -- adds a validator to the consumer chain’s active set - MsgOptOut -- removes a validator from the consumer chain’s active set - MsgAssignConsumerKey -- changes the...

SUSE SLES15 Security Update : bind (SUSE-SU-2024:2863-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2863-1 advisory. Update to 9.16.50: - Bug Fixes: A regression in cache-cleaning code enabled memory use to grow significantly more quickly than...

SUSE-SU-2024:2862-1 Security update for bind

This update for bind fixes the following issues: Update to 9.16.50: - Bug Fixes: A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. Using rndc flush inadvertently caused...

SUSE-SU-2024:1894-1 Security update for bind

This update for bind fixes the following issues: - CVE-2023-50387: Fixed validating DNS messages containing a lot of DNSSEC signatures that could have let to a denial-of-service bsc1219823. - CVE-2023-50868: Fixed NSEC3 closest encloser proof that could have let to a denial-of-service bsc1219826....