157 matches found
CVE-2026-5401
A flaw was found in Wireshark. An attacker could craft a malicious network trace file that, when opened by a user, would trigger a crash in the AFP Spotlight protocol dissector. This vulnerability leads to a denial of service, making the application unavailable. Mitigation To mitigate this issue,...
CVE-2025-40943
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitiz...
Siemens SIMATIC Improper Neutralization of Input During Web Page Generation (CVE-2025-40943)
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right Read diagnostics, to import a specially crafted trace file. The malicious trace file is insufficiently sanitized...
CVE-2025-40943
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitiz...
CVE-2025-40943
The CVE-2025-40943 entry describes improper sanitization of trace file contents on affected devices, enabling code injection when a user imports a specially crafted trace file via social engineering. Root cause: inadequate input sanitization in trace-file handling. Impact: high confidentiality, i...
CVE-2025-40943
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitiz...
CVE-2025-40943
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitiz...
CVE-2025-40943
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitiz...
Siemens SIMATIC
SUMMARY SIMATIC S7-1500 devices contain a vulnerability that could allow an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in the web interface. Siemens has released new versions for several affected products and recommends to update to the...
Siemens多款产品 跨站脚本漏洞
SIMATIC S7-1500 is an industrial controller from Siemens. A stored cross-site scripting vulnerability exists in the Siemens SIMATIC S7-1500, which can be exploited by an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in a web interface...
Siemens SIMATIC S7-1500 Device Stored Cross-Site Scripting Vulnerability
SIMATIC S7-1500 is an industrial controller from Siemens. A stored cross-site scripting vulnerability exists in the Siemens SIMATIC S7-1500, which can be exploited by an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in a web interface...
HDF5 Plugin 2.17.0 Path Audit
This script demonstrates a controlled security audit scenario targeting the HDF5 dynamic plugin loading mechanism. It compiles a shared C library that mimics a legitimate HDF5 filter plugin by implementing the required H5Zclass2t structure and registration functions H5PLgetplugintype,...
ROS-20260119-7327
A vulnerability in the kernel/trace/bpftrace.c component of the Linux kernel is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2025-48638
In pkvmloadtracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48638
CVE-2025-48638 affects Google Android’s pKVM (protected Kernel-based Virtual Machine) in the kernel, specifically in __pkvm_load_tracing within trace.c. The flaw is an out-of-bounds write caused by improper input validation, enabling local escalation of privilege with no additional execution priv...
ASB-A-442540376
In pkvmloadtracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Wireshark 4.2.x < 4.2.14 A Vulnerability
The version of Wireshark installed on the remote Windows host is prior to 4.2.14. It is, therefore, affected by a vulnerability as referenced in the wireshark-4.2.14 advisory. - MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service CVE-2025-11626...
EUVD-2018-12200
Malware in sbrugna...
EUVD-2021-26303
Malware in sbrugna...
EUVD-2009-2085
Malware in sbrugna...