
454 matches found

RedhatCVE
added 2025/07/23 7:3 a.m. · 7 views

CVE-2025-24936

The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. An attacker with low privileged access to th...

CVSS 9 · AI score 7.6 · EPSS 0.00145
Exploits 0 · References 1
RedhatCVE
added 2025/07/23 7:3 a.m. · 6 views

CVE-2025-24938

The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administrator) to the application has the potential to execute commands on the operating system under the context of the webserver. The vulnerable...

CVSS 8.4 · AI score 7.4 · EPSS 0.00139
Exploits 0 · References 1
RedhatCVE
added 2025/07/23 7:3 a.m. · 8 views

CVE-2025-24937

File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on. The vulnerable component is bound to the network stack and the set of possible...

CVSS 9 · AI score 7.2 · EPSS 0.00114
Exploits 0 · References 1
NVD
added 2025/07/21 7:15 a.m. · 3 views

CVE-2025-24937

File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on. The vulnerable component is bound to the network stack and the set of possible...

CVSS 9 · EPSS 0.00114
Exploits 0 · References 1
Vulnrichment
added 2025/07/21 6:31 a.m. · 2 views

CVE-2025-24937 Access to local file system and its content

File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on. The vulnerable component is bound to the network stack and the set of possible...

AI score 6.5 · EPSS 0.00114
Exploits 0 · References 1
Positive Technologies
added 2025/07/21 12:0 a.m. · 1 views

PT-2025-30233

Name of the Vulnerable Software and Affected Versions: File contents (affected versions not specified). Description: An attacker could read file contents from the local file system. Malicious code could be inserted into the file, potentially leading to a full compromise of the web application and it...

CVSS 9 · AI score 6.2 · EPSS 0.00114
Exploits 0 · References 6
Positive Technologies
added 2025/07/21 12:0 a.m. · 2 views

PT-2025-30234 · Nokia · Wavesuite Noc

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined (affected versions not specified). Description: The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access...

CVSS 8.4 · AI score 6.5 · EPSS 0.00139
Exploits 0 · References 7
Cvelist
added 2025/07/03 8:35 a.m. · 7 views

CVE-2025-38124 net: fix udp gso skb_segment after pull from frag_list

In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment after pull from frag_list. Commit a1e40ac5b5e9 ("net: gso: fix udp gso fraglist segmentation after pull from frag_list") detected invalid geometry in frag_list skbs and redirects them from skb_segment_list to...

EPSS 0.00101
Exploits 0 · References 5
OSV
added 2025/06/26 9:4 a.m. · 1 views

SUSE-SU-2025:02127-1 Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002325 fixes several issues. The following security issues were fixed:
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing...

CVSS 7.8 · AI score 6.7 · EPSS 0.0004
Exploits 0 · References 23
CNNVD
added 2025/06/04 12:0 a.m. · 2 views

FreeRTOS-Plus-TCP security vulnerability

FreeRTOS-Plus-TCP is an extensible open source and thread-safe TCP/IP stack for FreeRTOS. A security vulnerability exists in FreeRTOS-Plus-TCP that stems from a buffer overflow when processing LLMNR or mDNS queries, which could lead to out-of-bounds writes...

CVSS 7.5 · AI score 7 · EPSS 0.00109
Exploits 1 · References 2
Vulnrichment
added 2025/06/03 5:52 a.m. · 7 views

CVE-2024-53026 Buffer Over-read in Data Network Stack & Connectivity

Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call...

CVSS 8.2 · AI score 8.1 · EPSS 0.00324
Exploits 0 · References 1
CVE
added 2025/06/03 5:52 a.m. · 54 views

CVE-2024-53021

CVE-2024-53021 is a Qualcomm chipset vulnerability described in connected PT-2025-23579 and PT-2025-23577 as an information-disclosure issue that occurs while processing goodbye RTCP/RTP packets. The root cause is a buffer over-read in the data network stack during decoding/construction of RTCP h...

CVSS 8.2 · AI score 8.1 · EPSS 0.00324
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/06/03 5:52 a.m. · 7 views

CVE-2024-53021 Buffer Over-read in Data Network Stack & Connectivity

Information disclosure may occur while processing goodbye RTCP packet from network...

CVSS 8.2 · EPSS 0.00324
Exploits 0 · References 1
Vulnrichment
added 2025/06/03 5:52 a.m. · 7 views

CVE-2024-53021 Buffer Over-read in Data Network Stack & Connectivity

Information disclosure may occur while processing goodbye RTCP packet from network...

CVSS 8.2 · AI score 6.8 · EPSS 0.00324
Exploits 0 · References 1
Vulnrichment
added 2025/06/03 5:52 a.m. · 5 views

CVE-2024-53020 Buffer Over-read in Data Network Stack & Connectivity

Information disclosure may occur while decoding the RTP packet with invalid header extension from network...

CVSS 8.2 · AI score 8.1 · EPSS 0.00324
Exploits 0 · References 1
Cvelist
added 2025/06/03 5:52 a.m. · 7 views

CVE-2024-53020 Buffer Over-read in Data Network Stack & Connectivity

Information disclosure may occur while decoding the RTP packet with invalid header extension from network...

CVSS 8.2 · EPSS 0.00324
Exploits 0 · References 1
CVE
added 2025/06/03 5:52 a.m. · 50 views

CVE-2024-53020

CVE-2024-53020 is reported as information disclosure that may occur when decoding RTP packets with an invalid header extension, linked to Qualcomm chipsets’ data/network stack. Connected sources describe a buffer over-read and information disclosure risk in the affected component but do not provi...

CVSS 8.2 · AI score 8.1 · EPSS 0.00324
Exploits 0 · References 1 · Affected Software 1
CVE
added 2025/06/03 5:52 a.m. · 42 views

CVE-2024-53019

CVE-2024-53019 is a buffer over-read in Qualcomm closed-source components of the Data Network Stack during RTP packet processing. The root cause is an improper RTP header length handling for the number of contributing sources, leading to information disclosure. The CVSSv3.1 base score is 8.2 (Hig...

CVSS 8.2 · AI score 8.2 · EPSS 0.00324
Exploits 0 · References 1 · Affected Software 1
RedhatCVE
added 2025/05/23 3:54 a.m. · 4 views

CVE-2023-33973

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference...

CVSS 7.5 · AI score 6.8 · EPSS 0.01517
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 3:22 a.m. · 4 views

CVE-2023-24819

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be us...

CVSS 9.8 · AI score 7.8 · EPSS 0.01527
Exploits 0 · References 1