FLIR Thermal Traffic Cameras 安全漏洞

FLIR Thermal Traffic Cameras are a series of thermal imaging traffic detection cameras from FLIR Corporation. A security vulnerability exists in FLIR Thermal Traffic Cameras that stems from a lack of authentication and authorization controls in the WebSocket implementation, which could lead to...

PT-2025-53360

FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially...

openSUSE 16 Security Update : qemu (openSUSE-SU-2025:20171-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20171-1 advisory. Update to version 10.0.7. Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be...

SUSE-SU-2026:20008-1 Security update for qemu

This update for qemu fixes the following issues: Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host bsc1253002. - CVE-2025-11234: use-after-free in WebSocket...

curl: libcurl WebSocket handshake accepts any Sec-WebSocket-Accept

Summary: libcurl upgrades to WebSocket without validating Sec-WebSocket-Accept, allowing a spoofed 101 response to complete the handshake and inject frames; AI assistance was used to draft this report. Steps to Reproduce: 1. Clone and build curl from source: git clone --depth=1...

CISA and Partners Release Update to Malware Analysis Report BRICKSTORM Backdoor

Today, the Cybersecurity and Infrastructure Security Agency CISA, National Security Agency, and Canadian Centre for Cyber Security released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise IOCs and detection signatures for additional BRICKSTORM samples...

CVE-2025-12689

Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request...

OPENSUSE-SU-2025:20171-1 Security update for qemu

This update for qemu fixes the following issues: Update to version 10.0.7. Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host bsc1253002. - CVE-2025-11234:...

SUSE-SU-2025:21233-1 Security update for qemu

This update for qemu fixes the following issues: Update to version 10.0.7. Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host bsc1253002. - CVE-2025-11234:...

EUVD-2025-203918

Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request...

GHSA-J5VQ-62GR-8V3R Mattermost fails to check Websocket request for proper UTF-8 format potentially crashing Calls plug-in

Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request...

Mattermost fails to check Websocket request for proper UTF-8 format potentially crashing Calls plug-in

Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request...

CVE-2025-12689

Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request...

CVE-2025-12689

Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request...

Improper Validation of Specified Type of Input

Overview github.com/mattermost/mattermost-plugin-calls is a package for voice calling and screen sharing functionality in Mattermost channels. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the WebSocket request handling. An attacker can cau...

CVE-2025-12689 DoS in Calls plugin via malformed UTF-8 in WebSocket request

Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request...

CVE-2025-12689

Mattermost is affected by CVE-2025-12689 due to improper validation of WebSocket input in the Calls plugin (github.com/mattermost/mattermost-plugin-calls), allowing a malformed UTF-8 WebSocket request to crash the Calls plugin. Affected Mattermost releases include 11.0.x <= 11.0.4, 10.12.x &lt...

qemu-kvm: VNC WebSocket handshake use-after-free

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...

Moderate: Red Hat Security Advisory: qemu-kvm security update

An update for qemu-kvm is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

PT-2025-51852

Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request...