12463 matches found
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005806)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005806 advisory. In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Free invalid length skb in atmtcpcsend. syzbot reported the splat below. 0 vccsendms...
kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion
A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...
kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion
A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...
Allocation of Resources Without Limits or Throttling
Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the media-stream WebSocket upgrades. An attacker can exhaust server resources by establishing multiple unauthenticated pre-sta...
Malicious code in @yaoii-bails/socket (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9d1cc19b4be6f6fb1f29ceb7bedcf05a41ca8135b966956c84c5095c1629126 The package @yaoii-bails/socket was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1126 Malicious code in @yaoii-bails/socket (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9d1cc19b4be6f6fb1f29ceb7bedcf05a41ca8135b966956c84c5095c1629126 The package @yaoii-bails/socket was found to contain malicious code. Source: ghsa-malware...
K000160192: Log4j vulnerability CVE-2025-68161
Security Advisory Description The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https: //logging. apache. org/log4j/2.x/manual/appenders/network...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005554)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005554 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: avoid possible NULL skb pointer dereference In 'mwifiexhandleuaprxforward', always...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005556)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005556 advisory. In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcmsendmsg for the same socket. syzkaller reported UAF in kcmrelease. 0 The scenar...
net: sock: fix hardened usercopy panic in sock_recv_errqueue
...
FreeBSD : FreeBSD -- Jail chroot escape via fd exchange with a different jail (a88f5b2d-11e9-11f1-8148-bc241121aa0a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a88f5b2d-11e9-11f1-8148-bc241121aa0a advisory. If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the t...
Malicious Package
Overview socket-dgxeon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-1078 Malicious code in socket-dgxeon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6b1cdce1957669bd7cca7bb7c90b018a87fad6ed9ea49b4874f127272f0c00d The package socket-dgxeon was found to contain malicious code. Source: ghsa-malware 0f36366d3dd38134f3c8176992483c8c67f2e502ca9b774a4ea5a3fc2d428efc...
Malicious code in socket-dgxeon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6b1cdce1957669bd7cca7bb7c90b018a87fad6ed9ea49b4874f127272f0c00d The package socket-dgxeon was found to contain malicious code. Source: ghsa-malware 0f36366d3dd38134f3c8176992483c8c67f2e502ca9b774a4ea5a3fc2d428efc...
Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: CVE-2021-0920: net: split out functions related to registering inflight socket files bsc1193731. CVE-2025-38177: schhfsc: make hfscqlennotify idempotent bsc1245986. Special...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses log4j-core-2.25.1.jar which is vulnerable to CVE-2025-68161.
Summary IBM Maximo Application Suite - Monitor Component uses log4j-core-2.25.1.jar which is vulnerable to CVE-2025-68161. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions...
EUVD-2026-8966
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-26305 Mobility46 mobility46.se Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
CVE-2026-27028
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-20781
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...