259 matches found
CVE-2021-25695
The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an attacker to elevate privileges by changing the flow of program execution within the vHub driver...
CVE-2020-36564
Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid...
CVE-2019-19324
Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance...
CVE-1999-0478
Denial of service in HP-UX sendmail 8.8.6 related to accepting connections...
CVE-2024-49847
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE...
CVE-2024-49847
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE...
CVE-2024-49847
CVE-2024-49847 describes a transient DoS affecting Qualcomm chipsets during processing of OTA registration messages, caused by incorrect ciphering key data IE. The vulnerability is tied to the OTA handling flow in the chipset/firmware (Qualcomm components). The CVSSv3.1 base is 7.5 (High) with ne...
CVE-2024-49847 Buffer Over-read in Multi-Mode Call Processor
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE...
CVE-2024-49847 Buffer Over-read in Multi-Mode Call Processor
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE...
CVE-2025-23145
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer in canacceptnewsubflow When testing valkey benchmark tool with MPTCP, the kernel panics in 'mptcpcanacceptnewsubflow' because subflowreq-msk is NULL. Call trace: mptcpcanacceptnewsubflow...
DEBIAN-CVE-2025-22088
In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdmaacceptnewconn After the erdmacepputnewcep being called, newcep will be freed, and the following dereference will cause a UAF problem. Fix this issue...
CVE-2025-22871
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...
CVE-2025-22871 Request smuggling due to acceptance of invalid chunked data in net/http
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...
CVE-2025-1734
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when receiving headers from HTTP server, the headers missing a colon : are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers...
Mbed TLS 安全漏洞
Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library from Mbed TLS Open Source. A security vulnerability exists in Mbed TLS versions prior to 2.28.10 and 3.x versions prior to 3.6.3, which stems from a client accepting trusted certificates for arbitrary hostnames...
GHSA-R8GC-QC2C-C7VH Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`
Description: The secureredundantexecution function in feldmanvss.py attempts to mitigate fault injection attacks by executing a function multiple times and comparing results. However, several critical weaknesses exist: 1. Python's execution environment cannot guarantee true isolation between...
CVE-2025-1497
A vulnerability, that could result in Remote Code Execution RCE, has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting t...
Linux Distros Unpatched Vulnerability : CVE-2024-36936
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: efi/unaccepted: touch soft lockup during memory accept Commit 50e782a86c98 efi/unaccepted: F...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a contention condition in mptcp that does not accept sockets...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a denial of service when the modem receives a registration acceptance OTA with an incorrect encryption key data IE...