Lucene search

601 matches found

Debian CVE
added 2025/09/16 4:37 p.m. | 3 views

CVE-2025-59160

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

CVSS 6.9 | AI score 5.4 | EPSS 0.00227
Exploits 0
Vulnrichment
added 2025/09/16 8:11 a.m. | 3 views

CVE-2023-53296 sctp: check send stream number after wait_for_sndbuf

In the Linux kernel, the following vulnerability has been resolved: sctp: check send stream number after wait_for_sndbuf. This patch fixes a corner case where the asoc out stream count may change after wait_for_sndbuf. When the main thread in the client starts a connection, if its out stream count is...

AI score 6 | EPSS 0.00137
Exploits 0 | References 7
OSV
added 2025/09/13 12:2 a.m. | 4 views

OSV-2025-723 Heap-buffer-overflow in processClientServerHello

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=444547710 Crash type: Heap-buffer-overflow READ 2 Crash state: processClientServerHello processtls fuzzquicgetcryptodata.c...

AI score 7
Exploits 0 | References 1
SUSE CVE
added 2025/08/25 11:34 p.m. | 4 views

SUSE CVE-2025-8671

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the serv...

CVSS 7.5 | AI score 6.7 | EPSS 0.06887
Exploits 3 | References 7
Snyk
added 2025/08/19 3:34 p.m. | 0 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to insufficient authentication checks in the client and server processes. An attacker can gain unauthorized access to sensitive data by establishing a connection without proper certificate validation or...

CVSS 10 | AI score 7.1
Exploits 0 | References 3
Snyk
added 2025/08/19 3:34 p.m. | 1 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to insufficient authentication checks in the client and server processes. An attacker can gain unauthorized access to sensitive data by establishing a connection without proper certificate validation or...

CVSS 10 | AI score 7.1
Exploits 0 | References 3
Tenable Nessus
added 2025/08/19 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-14792

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 7u271, 8u261,...

CVSS 5.8 | AI score 6.3 | EPSS 0.02211
Exploits 0 | References 2
Tenable Nessus
added 2025/08/19 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-14797

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261,...

CVSS 4.3 | AI score 6.4 | EPSS 0.02178
Exploits 0 | References 2
Tenable Nessus
added 2025/08/18 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2019-17596

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack...

CVSS 7.5 | AI score 6.9 | EPSS 0.04693
Exploits 1 | References 2
Tenable Nessus
added 2025/08/18 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-9283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A clie...

CVSS 7.5 | AI score 7.4 | EPSS 0.20891
Exploits 6 | References 2
NVD
added 2025/08/14 5:15 a.m. | 3 views

CVE-2025-0309

An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to...

CVSS 6 | EPSS 0.00173
Exploits 1 | References 2
CVE
added 2025/08/14 4:35 a.m. | 34 views

CVE-2025-0309

CVE-2025-0309 describes a local privilege escalation in Netskope Client for Windows due to insufficient validation on the server connection endpoint. An attacker-controlled server using publicly signed TLS certificates can cause the client to send specially crafted responses, enabling privilege e...

CVSS 6 | AI score 6.9 | EPSS 0.00173
Exploits 1 | References 2
Cvelist
added 2025/08/05 12:5 a.m. | 9 views

CVE-2025-54804 Russh is missing an overflow check during channel windows adjust

Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an...

CVSS 6.5 | EPSS 0.00369
Exploits 1 | References 2
NVD
added 2025/07/24 3:15 p.m. | 0 views

CVE-2025-8114

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash...

CVSS 4.7 | EPSS 0.00208
Exploits 0 | References 6
RedhatCVE
added 2025/07/13 6:22 a.m. | 3 views

CVE-2025-30024

The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack...

CVSS 6.8 | AI score 7.3 | EPSS 0.00346
Exploits 0 | References 1
OSV
added 2025/07/11 6:15 a.m. | 2 views

CVE-2025-30024

The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack...

CVSS 6.8 | AI score 5.8 | EPSS 0.00346
Exploits 0 | References 1
OSV
added 2025/07/11 6:15 a.m. | 3 views

CVE-2025-30023

The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack...

CVSS 9 | AI score 6.3 | EPSS 0.00505
Exploits 0 | References 1
CVE
added 2025/07/11 6:3 a.m. | 26 views

CVE-2025-30024

Axis Communications Axis.Remoting protocol flaws in the client–server communication could enable a man-in-the-middle attack on Axis Device Manager and related Camera Station products. The CVE-2025-30024 entry specifically notes a MITM bypass of authentication/flow integrity, with an impact score ...

CVSS 6.8 | AI score 7.2 | EPSS 0.00346
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2025/07/11 12:0 a.m. | 0 views

AXIS Device Manager Security Vulnerability

AXIS Device Manager is a device manager from Axis Sweden. AXIS Device Manager has a security vulnerability that originates from a flaw in the communication protocol between the client and the server, which could lead to a man-in-the-middle attack...

CVSS 6.8 | AI score 6.8 | EPSS 0.00346
Exploits 0 | References 2
CNNVD
added 2025/07/11 12:0 a.m. | 2 views

AXIS Multiple Products Security Vulnerability

AXIS Camera Station and others are products of the Swedish company Axis. AXIS Camera Station is a powerful and flexible video management and access control. AXIS Camera Station Pro is a powerful and flexible video management and access control. AXIS Device Manager is a device...

CVSS 9 | AI score 8 | EPSS 0.00505
Exploits 0 | References 2