133 matches found
EUVD-2025-36737
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...
CVE-2025-58189
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...
CVE-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...
CVE-2025-58189
CVE-2025-58189 : IBM bulletin details this vulnerability: when Conn.Handshake fails during ALPN negotiation, the error may include attacker-controlled data (the client-sent ALPN protocols) and is not escaped. This can reveal sensitive info in logs. CVSS v3.1 base score 5.3 (Network, Low/None impa...
Improper Encoding or Escaping of Output
Overview std/crypto/tls is a Go standard library package std/crypto/tls Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output. Go Vulnerability Report:When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information the AL...
CVE-2025-62409 Envoy allows large requests and responses to cause TCP connection pool crash
Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but upstream data is...
EUVD-2020-24701
Malware in sbrugna...
EUVD-2024-44384
Malicious code in bioql PyPI...
EUVD-2025-24861
Malicious code in bioql PyPI...
CVE-2023-21648
Memory corruption in RIL while trying to send apdu packet...
The vulnerability of the S1AP protocol implementation in the NextEPC module allows a violator to enhance their privileges.
The vulnerability of the S1AP protocol implementation in the NextEPC module is related to the execution of operations outside the stack buffer. Exploiting this vulnerability can allow a malicious actor to enhance their privileges by sending a specially crafted NAS message...
PT-2025-1408 · Open5Gs · Open5Gs Mme
Name of the Vulnerable Software and Affected Versions: Open5GS MME versions prior to 2.6.4 Description: The issue allows an attacker to send a UE Context Modification Response message without the required MME UE S1AP ID field, which can cause the MME to crash repeatedly, resulting in denial of...
PT-2025-1410 · Open5Gs · Open5Gs Mme
Name of the Vulnerable Software and Affected Versions: Open5GS MME versions = 2.6.4 Description: The issue is related to an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a UE Capability Info Indication message missing a require...
SUSE CVE-2025-0239
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...
PT-2024-20392 · Unknown · Openairinterface Magma +1
Name of the Vulnerable Software and Affected Versions: OpenAirInterface Magma version 1.8.0 OAI EPC Federation version 1.2.0 Description: The issue allows attackers to cause a Denial of Service DoS via a crafted NGAP packet. This is due to reachable assertions in the NGAP FIND PROTOCOLIE BY ID...
FreeCoAP 缓冲区错误漏洞
FreeCoAP is a C implementation of the CoAP server, client, and HTTP/CoAP proxy by Keith Cullen, a personal developer. A security vulnerability exists in FreeCoAP version 0.7, which originates in the serverhandleregular function of the testcoapserver.c file and can lead to a denial of service...
The vulnerability of the Suricata intrusion detection and prevention system arises from errors in checking the JA4 identifier, which provides information about the application protocol used between the client and the server. This vulnerability allows attackers to trigger a service failure.
The vulnerability of the Suricata intrusion detection and prevention system is related to errors in checking the JA4 identifier, which provides information about the application protocol used between the client and the server. Exploiting this vulnerability allows a malicious actor to cause servic...
[SECURITY] Fedora 41 Update: libcoap-4.3.5-6.fc41
The Constrained Application Protocol CoAP is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Inter net of Things. The protocol is designed for machine-to-machine M2M applications such as smart energy and building automation. libcoap implements a...
Updated webmin package fixes security vulnerability
CVE-2024-2169: Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service DOS and/or abuse of resources...
AZL-48711 CVE-2024-45620 affecting package opensc for versions less than 0.26.1-1
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accesse...