16 matches found
BIT-ACTIVEMQ-2026-50750 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...
OPENSUSE-SU-2026:21057-1 Security update for libssh2_org
This update for libssh2org fixes the following issues - CVE-2026-55199: pre-Authentication DoS via SSHMSGEXTINFO Handler bsc1268530. - CVE-2026-55200: out-of-Bounds write via Unchecked packetlength in transport.c bsc1268531...
CVE-2026-55199 libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler
libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...
Unchecked Input for Loop Condition
Overview Affected versions of this package are vulnerable to Unchecked Input for Loop Condition in the SSHMSGEXTINFO handler during the initial handshake process. An attacker can cause the client application to become unresponsive by sending a crafted extension count value that triggers an infini...
SUSE-SU-2026:1868-1 Security update for firebird
This update for firebird fixes the following issues - CVE-2025-65104: Information leak vulnerability in firebird3 client when used with newer = 4 server bsc1262330. - CVE-2026-27890: Pre-Auth DOS bsc1262328. - CVE-2026-28212: One packet DoS bsc1262329. - CVE-2026-28214: Server hangs when using...
SUSE SLES16 Security Update : dovecot24 (SUSE-SU-2026:21208-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21208-1 advisory. - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031:...
CVE-2026-35040 fast-jwt: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (logical DoS)
fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options in verify functions can cause certain unintended behaviours. This is because some modifiers are statef...
CVE-2026-33952
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated authlength field read from the network triggers a WINPRASSERT failure in rtsreadauthverifiernochecks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABR...
MGASA-2024-0086 Updated nodejs-hawk packages fix security vulnerability
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
CVE-2023-40459
The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by...
K15566: Kerberos vulnerability CVE-2014-4345
Security Advisory Description Off-by-one error in the krb5encodekrbsecretkey function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 aka krb5 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause...
CVE-2022-4498 A vulnerable HTTP Basic Authentication process in TP-Link routers, Archer C5 and WR710N-V1, is susceptible to either a DoS or an arbitrary code execution via any interface.
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS by crashing the httpd process or an arbitrary code execution...
CVE-2018-1116
A flaw was found in polkit before version 0.116. The implementation of the polkitbackendinteractiveauthoritycheckauthorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and informati...
Wireless GUI Android Security Assessment: Hijacker
Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng, Airodump-ng , MDK3 and Reaver . It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses. This application requires an ARM android device with an...
Core FTP Server 32-bit Build 587 - Heap Overflow
-- coding: cp1252 -- Exploit Title: Core FTP Server 32-bit - Build 587 Heap Overflow Date: 05/10/2016 Exploit Author: Paul Purcell Contact: ptpxploit at gmail Vendor Homepage: http://www.coreftp.com/ Vulnerable Version Download: http://coreftp.com/server/download/archive/CoreFTPServer587.exe...
CVE-2006-6981
3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows remote attackers to cause a denial of service blocked account via unspecified vectors related to NTLM authentication, which causes a password hash to be overwritten...