
133 matches found

EUVD
added 2025/10/30 12:31 a.m. · 5 views

EUVD-2025-36737

When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information (the ALPN protocols sent by the client) which is not escaped...

5.3 CVSS · 6.2 AI score · 0.00443 EPSS
Exploits 0 · References 5
OSV
added 2025/10/29 11:16 p.m. · 6 views

CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information (the ALPN protocols sent by the client) which is not escaped...

5.3 CVSS · 5.9 AI score
Exploits 0 · References 5
Cvelist
added 2025/10/29 10:10 p.m. · 8 views

CVE-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls

When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information (the ALPN protocols sent by the client) which is not escaped...

0.00443 EPSS
Exploits 0 · References 4
CVE
added 2025/10/29 10:10 p.m. · 35 views

CVE-2025-58189

CVE-2025-58189 : IBM bulletin details this vulnerability: when Conn.Handshake fails during ALPN negotiation, the error may include attacker-controlled data (the client-sent ALPN protocols) and is not escaped. This can reveal sensitive info in logs. CVSS v3.1 base score 5.3 (Network, Low/None impa...

5.3 CVSS · 6.3 AI score · 0.00443 EPSS
Exploits 0 · References 5 · Affected Software 1
Snyk
added 2025/10/29 9:49 p.m. · 2 views

Improper Encoding or Escaping of Output

Overview: std/crypto/tls is a Go standard library package. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output. Go Vulnerability Report: When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information the AL...

6.9 CVSS · 6.7 AI score · 0.00443 EPSS
Exploits 0 · References 3
OSV
added 2025/10/16 5:47 p.m. · 5 views

CVE-2025-62409 Envoy allows large requests and responses to cause TCP connection pool crash

Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but upstream data is...

8.7 CVSS · 7 AI score · 0.00415 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-24701

Malware in sbrugna...

9.3 CVSS · 8.5 AI score · 0.03902 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-44384

Malicious code in bioql PyPI...

8.7 CVSS · 7.7 AI score · 0.0127 EPSS
Exploits 0 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-24861

Malicious code in bioql PyPI...

9.8 CVSS · 6.3 AI score · 0.00415 EPSS
Exploits 0 · References 5
RedhatCVE
added 2025/05/23 6:6 a.m. · 3 views

CVE-2023-21648

Memory corruption in RIL while trying to send apdu packet...

7.8 CVSS · 7.1 AI score · 0.00109 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2025/01/24 12:0 a.m. · 5 views

The vulnerability of the S1AP protocol implementation in the NextEPC module allows a violator to enhance their privileges.

The vulnerability of the S1AP protocol implementation in the NextEPC module is related to the execution of operations outside the stack buffer. Exploiting this vulnerability can allow a malicious actor to enhance their privileges by sending a specially crafted NAS message...

10 CVSS · 5.7 AI score · 0.00397 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2025/01/22 12:0 a.m. · 4 views

PT-2025-1408 · Open5Gs · Open5Gs Mme

Name of the Vulnerable Software and Affected Versions: Open5GS MME versions prior to 2.6.4 Description: The issue allows an attacker to send a UE Context Modification Response message without the required MME UE S1AP ID field, which can cause the MME to crash repeatedly, resulting in denial of...

8.6 CVSS · 7.1 AI score · 0.00752 EPSS
Exploits 1 · References 4
Positive Technologies
added 2025/01/22 12:0 a.m. · 4 views

PT-2025-1410 · Open5Gs · Open5Gs Mme

Name of the Vulnerable Software and Affected Versions: Open5GS MME versions = 2.6.4 Description: The issue is related to an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a UE Capability Info Indication message missing a require...

8.6 CVSS · 7.1 AI score · 0.00752 EPSS
Exploits 1 · References 4
SUSE CVE
added 2025/01/08 12:20 a.m. · 5 views

SUSE CVE-2025-0239

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...

4 CVSS · 6.7 AI score · 0.00228 EPSS
Exploits 0 · References 11
Positive Technologies
added 2024/11/15 12:0 a.m. · 5 views

PT-2024-20392 · Unknown · Openairinterface Magma +1

Name of the Vulnerable Software and Affected Versions: OpenAirInterface Magma version 1.8.0, OAI EPC Federation version 1.2.0. Description: The issue allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet. This is due to reachable assertions in the NGAP FIND PROTOCOLIE BY ID...

9.8 CVSS · 7.6 AI score · 0.14949 EPSS
Exploits 3 · References 20
CNNVD
added 2024/10/22 12:0 a.m. · 3 views

FreeCoAP buffer error vulnerability

FreeCoAP is a C implementation of the CoAP server, client, and HTTP/CoAP proxy by Keith Cullen, a personal developer. A security vulnerability exists in FreeCoAP version 0.7, which originates in the serverhandleregular function of the testcoapserver.c file and can lead to a denial of service...

8.2 CVSS · 6.7 AI score · 0.00532 EPSS
Exploits 1 · References 3
BDU FSTEC
added 2024/10/21 12:0 a.m. · 8 views

The vulnerability of the Suricata intrusion detection and prevention system arises from errors in checking the JA4 identifier, which provides information about the application protocol used between the client and the server. This vulnerability allows attackers to trigger a service failure.

The vulnerability of the Suricata intrusion detection and prevention system is related to errors in checking the JA4 identifier, which provides information about the application protocol used between the client and the server. Exploiting this vulnerability allows a malicious actor to cause servic...

7.8 CVSS · 7.3 AI score · 0.00577 EPSS
Exploits 0 · References 5 · Affected Software 3
Fedora
added 2024/09/13 9:3 p.m. · 14 views

[SECURITY] Fedora 41 Update: libcoap-4.3.5-6.fc41

The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Internet of Things. The protocol is designed for machine-to-machine (M2M) applications such as smart energy and building automation. libcoap implements a...

7.5 CVSS · 7.4 AI score · 0.00557 EPSS
Exploits 0
Mageia
added 2024/09/10 4:40 p.m. · 18 views

Updated webmin package fixes security vulnerability

CVE-2024-2169: Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources...

7.5 CVSS · 7 AI score · 0.05397 EPSS
Exploits 0 · References 2
OSV
added 2024/09/03 10:15 p.m. · 7 views

AZL-48711 CVE-2024-45620 affecting package opensc for versions less than 0.26.1-1

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accesse...

3.9 CVSS · 7.2 AI score · 0.00293 EPSS
Exploits 0 · References 1