USN-8401-1: Netty vulnerabilities

It was discovered that Netty's HTTP proxy handler did not properly validate headers when constructing CONNECT requests. An attacker could possibly use this issue to inject arbitrary HTTP headers into CONNECT requests. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,...

SUSE SLED15: libruby2_5-2_5 / ruby2.5 / ruby2.5-devel / ruby2.5-devel-extra / etc (SUSE-SU-2025:4264-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4264-1 advisory. - CVE-2024-35221: Fixed remote DoS via YAML manifest bsc1225905 - CVE-2024-47220: Fixed HTTP request smuggling...

EUVD-2020-20242

Malware in sbrugna...

EUVD-2018-11861

Malware in sbrugna...

EUVD-2020-17073

Malware in sbrugna...

EUVD-2020-18418

Malware in sbrugna...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 : Ruby vulnerabilities (USN-7734-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7734-1 advisory. It was discovered that Ruby incorrectly handled certain IO stream methods. A remote attacker could use this...

USN-7735-1 rubygems vulnerabilities

It was discovered that RubyGems incorrectly handled certain regular expressions. An attacker could use this issue to cause RubyGems to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. CVE-2023-28755 It was discovered that RubyGems incorrectly handled decompresse...

CVE-2020-27738

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions, Nucleus ReadyStart V3 All versio...

CVE-2020-15795

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus Source Code Version...

A DNS owner can sell the domain and then regain it back using a signature while he was still the owner of the domain

Lines of code Vulnerability details Impact The buying user would have spent money buying the DNS domain to the previous owner and still not have the DNS domain under their ownership. Proof of Concept A malicious user can: Build a proof for their ownership of a dns domain setting their address in...

CVE-2022-25551

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service DoS via the ddnsDomain parameter...

Tenda AX1806 缓冲区错误漏洞

Tenda AX1806 is a WiFi6 wireless router from Tenda, China.A stack overflow vulnerability exists in the Tenda AX1806 FormSetSystemTooldDNS function, which can be exploited by attackers to cause a denial of service DoS via the ddnsDomain parameter...

PT-2021-7510 · Reolink · Reolink Rlc-410W Ip Camera

Name of the Vulnerable Software and Affected Versions: Reolink RLC-410W IP Camera version 3.0.0.136 20121102 Description: An OS command injection vulnerability exists in the device network settings functionality due to improper validation of the ddns-domain variable. This variable has the value o...

Affirm: Subdomain takeover due to non registered TLD [ ██████████.█████.██████.com ]

Summary: I was looking at recent disclosed report 1297689 and I was thinking to take a look for the same issue on this asset as I love to test for subdomain takeover vulnerabilities. While testing I noticed a DNS entry for ███████.████.██████████.com is CNAME ████.███████████ which's TLD is not...

CVE-2020-25767

An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnccopyin routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet e.g., forward compression pointer jumps are allowed, which leads to an Out-of-bounds...

Design/Logic Flaw

An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnccopyin routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet e.g., forward compression pointer jumps are allowed, which leads to an Out-of-bounds...

py39-pycares -- domain hijacking vulnerability

Philipp Jeitner and Haya Shulman report: A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability ...

Siemens SIMOTICS CONNECT 400 Denial of Service Vulnerability (CNVD-2021-28705)

SIMOTICS CONNECT 400 is a connector and sensor box mounted on a low-voltage motor that provides analysis data for the MindSphere application SIDRIVE IQ Fleet. A denial of service vulnerability exists in the Siemens SIMOTICS CONNECT 400. The vulnerability is due to the DNS domain record...

Siemens Nucleus Product Out-of-Bounds Write Vulnerability (CNVD-2021-28701)

The Nucleus NET module contains a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device. An out-of-bounds write vulnerability exists in Siemens Nucleus products. The vulnerability is due to th...