6 matches found
CVE-2026-7734
A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefixsid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from...
CVE-2026-7737 osrg GoBGP BMP Parser bmp.go BMPStatisticsReport.ParseBody out-of-bounds
A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...
CVE-2026-7735
A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to the lack of a RequireScopes call in internal/router/comment.go comment panel admin endpoint. An attacker can gain unauthorized access to comment moderation operations, including listing, approving, rejecting...
PT-2022-20005
Name of the Vulnerable Software and Affected Versions Jirafeau versions prior to 4.4.0 Description The file preview functionality in Jirafeau, which is enabled by default, could be exploited for cross-site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone...
PT-2022-18782 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: Fusionpbx versions prior to 4.4 Description: The issue concerns a command injection vulnerability. This vulnerability can be exploited via the download email logs function. Recommendations: For Fusionpbx versions prior to 4.4, update to a...