25571 matches found
CVE-2025-14115
CVE-2025-14115 affects IBM Sterling Connect:Direct for UNIX Container. Concrete details from connected sources: vulnerable versions are 6.3.0.0 to 6.3.0.6_iFix016 and 6.4.0.0 to 6.4.0.3_iFix019. The root cause is hard-coded credentials used for inbound authentication, outbound communication, or i...
CVE-2026-23833
A flaw was found in ESPHome. An integer overflow vulnerability exists in the API component's protobuf decoder. A remote attacker can exploit this by sending a specially crafted, large fieldlength value, which bypasses a bounds check. This can lead to a denial-of-service DoS condition, causing the...
PT-2026-3668
Name of the Vulnerable Software and Affected Versions Milner ImageDirector Capture versions 7.0.9.0 through 7.6.3.25808 Description The software contains a flaw due to the use of a broken cryptographic algorithm DES. This impacts the Password class within the C2SConnections.dll component on Windo...
MiracleLinux 9 : openssl-3.0.1-41.el9 (AXSA:2022-3964:07)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3964:07 advisory. openssl: crehash script allows command injection CVE-2022-1292 openssl: Signer certificate verification returns inaccurate response when using...
MiracleLinux 8 : libssh-0.9.4-2.el8 (AXSA:2021-1281:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1281:01 advisory. libssh: denial of service when handling AES-CTR or DES ciphers CVE-2020-1730 libssh: unsanitized location in scp could lead to unwanted command...
Milner ImageDirector Capture security vulnerability
Milner ImageDirector Capture is a document collection and digital asset management software developed by the American company Milner. Versions of Milner ImageDirector Capture from 7.0.9.0 to 7.6.3.25808 contained security vulnerabilities. These vulnerabilities were due to the use of defective or...
MiracleLinux 9 : openssl-3.0.7-6.el9 (AXSA:2023-5373:04)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5373:04 advisory. openssl: Using a Custom Cipher with NIDundef may lead to NULL encryption CVE-2022-3358 Tenable has extracted the preceding description block directly from th...
MiracleLinux 8 : cryptsetup-2.3.3-4.el8.1 (AXSA:2022-3029:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3029:01 advisory. cryptsetup: disable encryption via header rewrite CVE-2021-4122 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 9 : buildah-1.33.7-3.el9_4 (AXSA:2024-8549:06)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8549:06 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 Tenable has extracted the preceding description block directly...
MiracleLinux 9 : delve-1.21.2-2.el9, golang-1.21.9-2.el9 (AXSA:2024-7759:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7759:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...
MiracleLinux 9 : grafana-9.2.10-8.el9_3.ML.1 (AXSA:2024-7653:01)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7653:01 advisory. grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 CVE-2024-1394 A memory leak flaw was found in Golang ...
MiracleLinux 9 : podman-4.9.4-4.el9_4 (AXSA:2024-8285:05)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8285:05 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...
PT-2026-3665
Name of the Vulnerable Software and Affected Versions Milner ImageDirector Capture versions 7.0.9 through 7.6.3.25808 Description The software uses a hard-coded encryption key within the Password function in C2SGlobalSettings.dll on Windows. A local attacker can exploit this to decrypt database...
MiracleLinux 8 : mysql:8.0 (AXSA:2020-844:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-844:01 advisory. mysql: Server: Security: Privileges multiple unspecified vulnerabilities CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774...
Integer Overflow or Wraparound
Overview esphome is a Make creating custom firmwares for ESP32/ESP8266 super easy. Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the protobuf decoder in the API component. An attacker can cause the device to read invalid memory and crash by sending a...
CVE-2026-23833
ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...
CVE-2026-23833
Summary: CVE-2026-23833 affects ESPHome 2025.9.0–2025.12.6. A flaw in the API component’s protobuf decoder lets an attacker perform a denial-of-service by sending a large field_length, causing an overflow of the bounds check in components/api/proto.cpp (ptr + field_length > end). This can cras...
CVE-2026-23833 ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component
ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...
CVE-2026-23833
ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...
CVE-2026-23833 ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component
ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...