148 matches found
DEBIAN-CVE-2023-53016
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix possible deadlock in rfcommskstatechange syzbot reports a possible deadlock in rfcommskstatechange 1. While rfcommsockconnect acquires the sk lock and waits for the rfcomm lock, rfcommsockrelease could have the...
CVE-2025-29913
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A critical heap buffer overflow vulnerability was identified in the...
CVE-2025-29913
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A critical heap buffer overflow vulnerability was identified in the...
CVE-2025-29913 CryptoLib's Crypto_TC_Prep_AAD Has Buffer Overflow Due to Integer Underflow
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A critical heap buffer overflow vulnerability was identified in the...
CryptoLib 安全漏洞
CryptoLib is a NASA open source application. It is used to provide a software-only solution using the CCSDS space data link security protocol. A security vulnerability exists in CryptoLib version 1.3.3 and earlier, which originates from a heap buffer overflow and could result in a denial of servi...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: RFCOMM: Avoid leaving a dangling sk pointer in rfcommsockalloc. The btsockalloc function attaches the allocated sk object to the provided sock object. If rfcommdlcalloc fails, we release the sk object, but leave a...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: media: mc: Fix graph walk in mediapipelinestart The graph walk attempts to follow all links, even if they are not between pads. This can cause a crash, especially with a link of type MEDIALNKFLANCILLARYLINK. This issue has been...
Astra Linux – Vulnerability in Firefox, Thunderbird
The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...
firefox: thunderbird: Confusing display of origin for external protocol handler prompt
The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...
UBUNTU-CVE-2024-43836
In the Linux kernel, the following vulnerability has been resolved: net: ethtool: pse-pd: Fix possible null-deref Fix a possible null dereference when a PSE supports both c33 and PoDL, but only one of the netlink attributes is specified. The c33 or PoDL PSE capabilities are already validated in t...
The vulnerability of the OLE DB driver for SQL Server, related to integer overflow, allows an attacker to execute arbitrary code.
The vulnerability of the OLE DB driver for SQL Server is related to integer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path
In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: fix deadlock and link starvation in outgoing data path The current implementation queues up new control and user packets as needed and processes this queue down to the ldisc in the same code path. That means that the...
The vulnerability of the OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the OLE DB driver for SQL Server on Windows operating systems exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
USN-6143-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-34414, CVE-2023-34416,...
ABB Central Licensing System Permissions, Privileges, and Access Controls (CVE-2020-8476)
For the Central Licensing Server component used in ABB products ABB Ability System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...
ABB Central Licensing System Uncontrolled Resource Consumption (CVE-2020-8475)
For the Central Licensing Server component used in ABB products ABB Ability System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...
SUSE CVE-2007-3844
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting XSS attacks with chrome privileges via an addon that inserts a 1 javascript: or 2 data: link into an about:blank document loaded by chrome via a the...
SUSE CVE-2019-15166
lmpprintdatalinksubobjs in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks...
Researcher discovered vulnerabilities in Layer-2 managed switches
A researcher has found vulnerabilities in network security techniques at the Layer-2 level. The vulnerabilities reside in the fact that the QinQ functionality IEEE 802.1ad standard incorrectly allows VLAN 0 priority tag and 802.2 LLC/SNAP headers can be stacked multiple define VLANs within VLANs....
CVE-2022-33939
CENTUM VP / CS 3000 controller FCS CP31, CP33, CP345, CP401, and CP451 contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service DoS condition in ADL communication by sending a...