FlashMQ Security Vulnerability
FlashMQ is a fast and lightweight MQTT proxy server from the individual developer Wiebe Cazemier. A security vulnerability exists in FlashMQ version 1.14.0, which stems from a specially crafted reserved message that causes an assertion failure, potentially leading to a denial-of-service attack...
CVE-2024-42645
CVE-2024-42645 affects FlashMQ v1.14.0. A crafted retain message can trigger an assertion failure, causing a Denial of Service. The provided documents do not specify a patch version or remediation; no further exploit details are given.
FlashMQ Security Vulnerability
FlashMQ is a fast and lightweight MQTT proxy server by Wiebe Cazemier. A security vulnerability exists in FlashMQ version 1.14.0, which stems from an assertion failure in the PublishCopyFactory::getNewPublish function, triggered when the QoS value of the publish object is greater than zero...
CVE-2024-42644
FlashMQ v1.14.0 was discovered to contain an assertion failure in the function PublishCopyFactory::getNewPublish, which occurs when the QoS value of the publish object is greater than 0...
CVE-2024-42645
An issue in FlashMQ v1.14.0 allows attackers to cause an assertion failure via sending a crafted retain message, leading to a Denial of Service (DoS)...
PT-2025-31213 · Flashmq · Flashmq
Name of the Vulnerable Software and Affected Versions: FlashMQ version 1.14.0. Description: FlashMQ version 1.14.0 contains an assertion failure in the PublishCopyFactory::getNewPublish function when the Quality of Service (QoS) value of the publish object is greater than 0. Recommendations: At the...
PT-2025-31214 · Flashmq · Flashmq
Name of the Vulnerable Software and Affected Versions: FlashMQ version 1.14.0. Description: An issue in FlashMQ version 1.14.0 allows attackers to cause an assertion failure by sending a crafted retain message, leading to a Denial of Service (DoS). Recommendations: At the moment, there is no...
Improper Verification of Cryptographic Signature
Overview: @node-saml/node-saml is a SAML 2.0 implementation for Node.js. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via validatePostResponseAsync due to loading of the assertion from the unsigned original response document. An attacker can...
GHSA-4MXG-3P6V-XGQ3 Node-SAML SAML Signature Verification Vulnerability
Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any...
node-saml Security Vulnerability
node-saml is a SAML library that does not depend on any framework running in Node.js. A security vulnerability exists in node-saml version 5.0.1 that stems from not properly validating SAML assertions, which could lead to an authentication bypass...
PT-2025-31149
Name of the Vulnerable Software and Affected Versions: Node-SAML versions 5.0.1 and below Description: Node-SAML improperly loads the assertion from the unsigned original response document, differing from the parts verified during signature checking. This allows modification of authentication...
SUSE CVE-2025-38461
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU. Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport; add a lockdep assert. BUG: unab...
CVE-2025-38461 vsock: Fix transport_* TOCTOU
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU. Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport; add a lockdep assert. BUG: unab...
GHSA-M837-G268-MMV7 Node-SAML SAML Authentication Bypass
Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any...
Node-SAML SAML Authentication Bypass
Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any...
CVE-2025-38358
CVE-2025-38358 relates to a race in Linux kernel’s btrfs async reclaim path. The bug occurs when an ordered iput is delayed while BTRFS_FS_STATE_NO_DELAYED_IPUT is already set, triggering an assertion in btrfs_add_delayed_iput during close_ctree. The described scenario: async reclaim schedules wr...
CVE-2025-38358
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between async reclaim worker and close_ctree. Syzbot reported an assertion failure due to an attempt to add a delayed iput after we have set BTRFS_FS_STATE_NO_DELAYED_IPUT in the fs_info state: WARNING: CPU: 0 PID: 65 at...
PT-2025-30758 · Btrfs +1 · Btrfs +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw related to a race condition between the asynchronous reclaim worker and the close ctree function within the Btrfs filesystem. This issue arises from an...