95 matches found
GHSA-QPGP-93VX-G8V8 Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion
Impact PROXY protocol support for Puma was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "\r\n" to determine whether a PROXY v1 line is present. If an attacker opens a TCP connection and continuously sends bytes...
PT-2026-47625
Name of the Vulnerable Software and Affected Versions Puma versions prior to 7.2.1 Puma versions prior to 8.0.2 Description When PROXY protocol v1 support is enabled, the server reads incoming bytes into an internal buffer and waits for a carriage return and line feed CRLF to identify a PROXY v1...
Linux Distros Unpatched Vulnerability : CVE-2026-41470
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens...
Information Exposure
Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
CVE-2026-41470
LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...
CVE-2026-41470
LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...
CVE-2026-41470 LIVE555 < 2026.04.22 RTSP Server Authorization Bypass via Session Token
LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...
EUVD-2026-30973
LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...
CVE-2026-41470
LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...
CVE-2026-41470
The CVE describes an authorization bypass in LIVE555’s RTSP server prior to 2026.04.22. The root cause is improper handling of RTSP session commands that allows an attacker to replay a valid Session token from an unauthenticated connection. With a valid token, an attacker can issue PLAY and TEARD...
Live555 安全漏洞
LIVE555 is a cross-platform C++ open-source project that provides solutions for streaming media. It supports standard streaming media transmission protocols such as RTP/RTCP, RTSP, and SIP. Versions of LIVE555 before 2026.04.22 had security vulnerabilities. These vulnerabilities stemmed from...
CVE-2026-22924
A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions...
CVE-2026-22924
A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions...
CVE-2026-22924
A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions...
CVE-2026-22924
A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions...
CVE-2026-22924
CVE-2026-22924 affects SIMATIC CN 4100 (all versions < V5.0). The vulnerability arises from insufficiently restricted unauthenticated connections, enabling resource exhaustion that can disrupt operations and potentially impact system availability and integrity. Connected references reiterate t...
CVE-2026-22924
A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions...
Linux Distros Unpatched Vulnerability : CVE-2026-43506
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by memory...
Linux Distros Unpatched Vulnerability : CVE-2026-43507
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsi...
CVE-2026-43506
An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by memory leaks from unauthenticated connections...