Lucene search
62 matches found

OSV
added 2026/05/27 10:51 p.m., 2 views

GHSA-Q3W6-Q3HC-C5X6 FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and Device Configurations

Summary: The GET /api/project endpoint exposes sensitive project configuration data to guest-context requests even when secureEnabled is enabled. Details: File: server/api/projects/index.js (JavaScript): prjApp.get("/api/project", secureFnc, function(req, res) { const permission = checkGroupsFnc(req);...

CVSS 7.5, AI score 5.9
Exploits 0, References 3
Snyk
added 2026/02/03 7:48 p.m., 3 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the readOctetVector function when processing a manipulated DATA Submessage with tampered PID_IDENTITY_TOKEN or PID_PERMISSIONS_TOKEN fields. An attacker can cause remote process termination and resource exhaustion by...

CVSS 6.3, AI score 5.7, EPSS 0.00026
Exploits 0, References 2
Snyk
added 2026/02/03 7:48 p.m., 1 view

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the readString function when processing a manipulated DATA Submessage with DDS Security enabled. An attacker can cause remote process termination by sending a specially crafted SPDP packet that tampers wit...

CVSS 7.5, AI score 5.9, EPSS 0.00021
Exploits 0, References 2
OSV
added 2026/02/03 7:29 p.m., 3 views

CVE-2025-64098 FastDDS has Out-of-memory in readOctetVector via Manipulated DATA Submessage when DDS Security is enabled

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM)...

CVSS 6.3, AI score 5.5, EPSS 0.00026
Exploits 0, References 7
CVE
added 2026/02/03 7:29 p.m., 7 views

CVE-2025-64098

CVE-2025-64098 affects Fast DDS (DDS security enabled) where an attacker tampering with PID_IDENTITY_TOKEN or PID_PERMISSIONS_TOKEN in the DATA Submessage of SPDP can trigger a 32-bit integer overflow in readOctetVector, causing std::vector::resize to allocate attacker-controlled sizes and leadin...

CVSS 6.3, AI score 5.5, EPSS 0.00026
Exploits 0, References 4, Affected Software 1
Cvelist
added 2026/02/03 7:29 p.m., 25 views

CVE-2025-64098 FastDDS has Out-of-memory in readOctetVector via Manipulated DATA Submessage when DDS Security is enabled

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM)...

CVSS 6.3, EPSS 0.00026
Exploits 0, References 4
Vulnrichment
added 2026/02/03 7:23 p.m., 2 views

CVE-2025-62603 FastDDS has Out-of-memory while parsing GenericMessage when DDS Security is enabled

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also ongoing security-control traffic after the handshake, such as...

CVSS 6.3, AI score 5.5, EPSS 0.00052
Exploits 0, References 4
Vulnrichment
added 2026/02/03 7:20 p.m., 2 views

CVE-2025-62602 FastDDS has heap buffer overflow in readData via Manipulated DATA Submessage when DDS Security is enabled

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow,...

CVSS 6.3, AI score 5.7, EPSS 0.00026
Exploits 0, References 4
Cvelist
added 2026/02/03 7:16 p.m., 23 views

CVE-2025-62601 FastDDS has heap buffer overflow in readString via Manipulated DATA Submessage when DDS Security is enabled

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow,...

CVSS 6.3, EPSS 0.00021
Exploits 0, References 4
Vulnrichment
added 2026/02/03 7:16 p.m., 2 views

CVE-2025-62601 FastDDS has heap buffer overflow in readString via Manipulated DATA Submessage when DDS Security is enabled

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow,...

CVSS 6.3, AI score 5.8, EPSS 0.00021
Exploits 0, References 4
Cvelist
added 2026/02/03 7:11 p.m., 28 views

CVE-2025-62600 eprosima Fast DDS affected by Out-of-Memory in readBinaryPropertySeq via Manipulated DATA Submessage when DDS Security is enabled

eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an...

CVSS 8.6, EPSS 0.00025
Exploits 0, References 1
Vulnrichment
added 2026/02/03 7:11 p.m., 1 view

CVE-2025-62600 eprosima Fast DDS affected by Out-of-Memory in readBinaryPropertySeq via Manipulated DATA Submessage when DDS Security is enabled

eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an...

CVSS 8.6, AI score 6, EPSS 0.00025
Exploits 0, References 1
ATTACKERKB
added 2026/02/03 5:54 p.m., 4 views

CVE-2025-62599

eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an...

CVSS 8.6, AI score 6, EPSS 0.00025
Exploits 0, References 6, Affected Software 1
OSV
added 2026/02/03 5:54 p.m., 4 views

CVE-2025-62599 FastDDS has Out-of-Memory in readPropertySeq via Manipulated DATA Submessage when DDS Security is enabled

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM)...

CVSS 6.3, AI score 5.5, EPSS 0.00025
Exploits 0, References 7
RedhatCVE
added 2026/01/09 9:13 a.m., 6 views

CVE-2022-31066

EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to...

CVSS 5.9, AI score 6.7, EPSS 0.00161
Exploits 0, References 1
Veracode
added 2025/10/10 8:7 a.m., 2 views

Improper Authorization

org.springframework, spring-core is vulnerable to improper authorization. The vulnerability is due to incorrect annotation resolution on methods within type hierarchies that use unbounded generics, which allows an attacker to bypass security checks when Spring Security’s @EnableMethodSecurity...

CVSS 7.5, AI score 7, EPSS 0.00112
Exploits 0, References 6, Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2017-16903

Malware in sbrugna...

CVSS 6, AI score 6, EPSS 0.00032
Exploits 0, References 3
OSV
added 2025/09/16 3:32 p.m., 0 views

GHSA-JMP9-X22R-554X Spring Framework annotation detection mechanism may result in improper authorization

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVSS 7.5, AI score 5.8, EPSS 0.00112
Exploits 0, References 6
OSV
added 2025/04/09 8:15 p.m., 0 views

CVE-2025-30648

An Improper Input Validation vulnerability in the Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS). When a specifically malformed DHCP packet is...

CVSS 7.1, AI score 5.8
Exploits 0, References 1
Vulnrichment
added 2025/04/09 7:54 p.m., 9 views

CVE-2025-30648 Junos OS and Junos OS Evolved: Receipt of a specifically malformed DHCP packet causes jdhcpd process to crash

An Improper Input Validation vulnerability in the Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS). When a specifically malformed DHCP packet is...

CVSS 7.4, AI score 6.9, EPSS 0.00182
Exploits 0, References 1