18 matches found
SUSE CVE-2026-27856
Doveadm credentials are verified using direct comparison, which is susceptible to a timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead to full access to the affected component. Limit access to the doveadm http service port,...
UBUNTU-CVE-2025-59032
ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...
CVE-2026-33218
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-authentication. Versions 2.11.15 and 2.12.6 contain ...
CVE-2026-33218 NATS has pre-auth server panic via leafnode handling
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-authentication. Versions 2.11.15 and 2.12.6 contain ...
EUVD-2025-24858
Malicious code in bioql PyPI...
SUSE CVE-2025-9039
We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is...
CVE-2025-9039 Information Disclosure in Amazon ECS Container Agent
We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is...
PT-2024-28271 · H3C · H3C Magic R230
Name of the Vulnerable Software and Affected Versions: H3C Magic R230 version V100R002 Description: The issue allows attackers to execute arbitrary commands due to the udpserver opening port 9034. Recommendations: For H3C Magic R230 version V100R002, consider restricting access to port 9034 as a...
PT-2023-4899 · Eprosima +2 · Eprosima Fast Dds +2
Name of the Vulnerable Software and Affected Versions: eprosima Fast DDS versions prior to 2.11.0; eprosima Fast DDS versions prior to 2.10.2; eprosima Fast DDS versions prior to 2.9.2; eprosima Fast DDS versions prior to 2.6.5. Description: The issue is related to an error in exception handling in t...
PT-2023-14507 · Avalanche · Avalanche
Name of the Vulnerable Software and Affected Versions: Avalanche versions 6.3.x and below Description: An improper authentication issue exists, allowing an unauthenticated attacker to modify properties on a specific port. Recommendations: For Avalanche versions 6.3.x and below, update to a versio...
DEBIAN-CVE-2023-22496
Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function `health_alarm_execute` is called. This...
PT-2022-26990 · D Link · D-Link Dir-825
Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 version 1.0.9/EE Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the Dreambox...
PT-2021-3176
Name of the Vulnerable Software and Affected Versions: vSphere Client HTML5 (affected versions not specified); VMware vCenter Server (affected versions not specified). Description: The issue exists due to insufficient input validation in the Virtual SAN Health Check plug-in, which is enabled by default i...
PT-2018-1519 · Containous · Traefik
Name of the Vulnerable Software and Affected Versions: Containous Traefik versions 1.6.x through 1.6.5 Description: The issue is related to errors in the implementation of the API in the Containous Traefik reverse proxy server. If the --api option is used and authentication is missing, the...
PT-2017-3764
Name of the Vulnerable Software and Affected Versions: Avahi versions 0.6.32 through 0.7 Description: The issue is related to the avahi-daemon in Avahi, which inadvertently responds to IPv6 unicast queries with source addresses that are not on-link. This allows remote attackers to cause a denial ...
PT-2016-2997 · Siemens · Sicam Pas
Name of the Vulnerable Software and Affected Versions: Siemens SICAM PAS versions prior to 8.00 Description: The issue is related to a factory account with hard-coded passwords in SICAM PAS installations. This could allow attackers to gain privileged access to the database over Port 2638/TCP. The...
NEC Universal RAID Utility fails to restrict access permissions
Overview: NEC Universal RAID Utility contains an issue where access permissions are not restricted. NEC Universal RAID Utility is software to manage a RAID controller. SAKURA Internet Inc. reported this...
Novell Netmail WebAdmin buffer overflow vulnerability
Overview: Novell NetMail contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description: Novell NetMail is an email and messaging software package developed by Novell. It is designed to offer mail and calendaring services to large groups of users. WebAdmi...