10 matches found
Astra Linux - vulnerability in corosync
Corosync versions up to 3.1.9 suffer from a stack-based buffer overflow in the orf_token_endian_convert function, in the exec/totemsrp.c file. This vulnerability exists when encryption is disabled or if the attacker knows the encryption key. The issue is caused by a large UDP packet...
CVE-2025-64769
The Process Optimization application suite leverages connection channels/protocols that by default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios...
Linux Distros Unpatched Vulnerability : CVE-2023-1782
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not...
Linux Distros Unpatched Vulnerability : CVE-2025-30472
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in...
corosync: Stack buffer overflow from 'orf_token_endian_convert'
A flaw was found in Corosync. In affected versions, a stack-based buffer overflow may be triggered via a large UDP packet in configurations where encryption is disabled or if an attacker knows the encryption key. This issue can lead to an application crash or other undefined behavior...
SUSE CVE-2025-30472
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet...
AZL-59189 CVE-2025-30472 affecting package corosync 3.0.4-3
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet...
Google Pixel security vulnerability
Google Pixel is a smartphone from the American company Google. Google Pixel suffers from a security vulnerability that originates in btmaclencryptchange in btmacl.cc, which could lead to the disclosure of local information as the remote device can be encrypted with encryption turned off an...
CVE-2020-4980
IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest. IBM X-Force ID: 192539...
CVE-2019-19127
An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. Thi...