14 matches found
CVE-2026-33697 CoCoS attested TLS is vulnerable to relay attacks via extracted ephemeral TLS keys
Cocos AI is a confidential computing system for AI. The current implementation of attested TLS (aTLS) in CoCoS is vulnerable to a relay attack affecting all versions from v0.4.0 through v0.8.2. This vulnerability is present in both the AMD SEV-SNP and Intel TDX deployment targets supported by CoCoS...
CVE-2026-23943 Pre-auth SSH DoS via unbounded zlib inflate
Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...
EUVD-2018-14296
Malware in sbrugna...
EUVD-2021-22611
Malware in sbrugna...
GHSA-5C5J-JMHX-Q2GR Duplicate Advisory: gix-transport code execution vulnerability
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rrjw-j4m2-mf34. This link is maintained to preserve external references. Original Description: The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone...
Duplicate Advisory: gix-transport code execution vulnerability
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rrjw-j4m2-mf34. This link is maintained to preserve external references. Original Description: The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone...
CVE-2023-53158
The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...
A vulnerability in the Message Queuing Telemetry Transport (MQTT) protocol implementation of the MXview One industrial network management platform allows an attacker to gain unauthorized access to protected information.
The vulnerability in the Message Queuing Telemetry Transport (MQTT) protocol implementation of the MXview One industrial network management platform is caused by incorrect restriction of a path name to a directory. Exploiting this vulnerability could allow a remote attacker t...
AZL-40229 CVE-2024-32884 affecting package rust for versions less than 1.75.0-9
gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...
CVE-2024-32884 gix-transport indirect code execution via malicious username
gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...
CVE-2021-20826
Unprotected transport of credentials vulnerability in IDEC PLCs FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier allows...
A vulnerability in the Web Transport component of Google Chrome and Microsoft Edge allows an attacker to execute arbitrary code or cause a denial of service.
The vulnerability in the Web Transport component of Google Chrome and Microsoft Edge is a use-after-free. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a denial of service through a specially crafted web page...
ai.idylnlp:idylnlp-nlp-language-detection-tika (>=1.0.0 <=1.1.0), ai.platon.pulsar:pulsar-persist (>=1.9.0 <=1.10.23) +2069 more potentially affected by CVE-2018-8039 via org.apache.cxf:cxf-rt-transports-http (>=2.0.6 <=3.1.15)
org.apache.cxf:cxf-rt-transports-http MAVEN version =2.0.6, =1.0.0, =1.9.0, =1.1.7, =1.1.9, =1.2.5, =3.6.1, =3.11.0, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.1.0.RELEASE and more Source cves: CVE-2018-8039 Source advisory: OSV:GHSA-JC7R-V6FG-2GPF...
CVE-2004-2391
Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8 allows remote attackers to cause a denial of service via a message with an empty tag...