Lucene search
+L

310 matches found

osv
osv
added 2026/05/07 6:0 a.m.17 views

RLSA-2026:14087 Moderate: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 For more details about the security issues, including the impact, a CVSS score,...

5.9CVSS5.8AI score0.00254EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/05/07 12:0 a.m.14 views

GitHub Enterprise Server 访问控制错误漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21 of GitHub Enterprise Server, there was an access control...

6.5CVSS5.9AI score0.00266EPSS
Exploits0References1
osv
osv
added 2026/05/06 12:0 a.m.9 views

ALSA-2026:14087 Moderate: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 For more details about the security issues, including the impact, a CVSS score,...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References4
osv
osv
added 2026/05/06 12:0 a.m.17 views

ALSA-2026:13978 Moderate: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 For more details about the security issues, including the impact, a CVSS score,...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References4
almalinux
almalinux
added 2026/05/06 12:0 a.m.12 views

Moderate: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 For more details about the security issues, including the impact, a CVSS score,...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References4
packetstormnews
packetstormnews
added 2026/05/03 12:0 a.m.8 views

Observability for Post-Quantum TLS Readiness: A Multi-Surface Evidence Framework

Post-quantum migration in Transport Layer Security TLS requires evidence-aware measurements that distinguish session negotiation, endpoint capability, certificate-chain evidence, and the provenance of missing observations. This distinction is essential under TLS 1.3 encryption, resumption, mutual...

5.8AI score
Exploits0
cvelist
cvelist
added 2026/04/13 1:40 p.m.30 views

CVE-2026-31425 rds: ib: reject FRMR registration before IB connection is established

In the Linux kernel, the following vulnerability has been resolved: rds: ib: reject FRMR registration before IB connection is established rdsibgetmr extracts the rdsibconnection from conn-ctransportdata and passes it to rdsibregfrmr for FRWR memory registration. On a fresh outgoing connection, ic...

0.00114EPSS
Exploits0References8
ubuntucve
ubuntucve
added 2026/04/13 12:0 a.m.4 views

CVE-2026-31425

In the Linux kernel, the following vulnerability has been resolved: rds: ib: reject FRMR registration before IB connection is established rdsibgetmr extracts the rdsibconnection from conn-ctransportdata and passes it to rdsibregfrmr for FRWR memory registration. On a fresh outgoing connection, ic...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References2
euvd
euvd
added 2026/04/03 12:31 a.m.6 views

EUVD-2022-55960

Hirschmann EagleSDV contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1. Attackers can trigger a crash by initiating TLS connections with these protocol versions to disrupt service availability...

8.7CVSS5.9AI score0.00438EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/02 12:0 a.m.8 views

PT-2026-29901

Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1. Attackers can trigger a crash by initiating TLS connections with these protocol versions to disrupt service...

8.7CVSS5.9AI score0.00438EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/03/24 9:31 a.m.4 views

CVE-2026-32942

A flaw was found in PJSIP, a multimedia communication library. A remote attacker could exploit a heap use-after-free vulnerability in the Interactive Connectivity Establishment ICE session. This occurs due to race conditions between session destruction and callbacks, potentially allowing for...

9.3CVSS6.5AI score0.00319EPSS
Exploits0References2
euvd
euvd
added 2026/02/25 3:31 p.m.6 views

EUVD-2026-8661

NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service...

4.7CVSS5.3AI score0.00157EPSS
Exploits0References3
osv
osv
added 2026/02/13 12:0 a.m.5 views

CVE-2025-70123

An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This places the UPF in an inconsistent state where a...

7.5CVSS5.7AI score0.00333EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2026/02/13 12:0 a.m.4 views

CVE-2025-70123

An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This places the UPF in an inconsistent state where a...

5.7AI score0.00333EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/02/13 12:0 a.m.11 views

PT-2026-8008

Name of the Vulnerable Software and Affected Versions free5GC version 4.0.1 Description An improper input validation and protocol compliance issue exists in free5GC version 4.0.1. The UPF component incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This lead...

7.5CVSS5.5AI score0.00333EPSS
Exploits1References5
cve
cve
added 2026/02/13 12:0 a.m.17 views

CVE-2025-70123

Summary of CVE-2025-70123 : In free5GC v4.0.1, the UPF fails to validate a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This leads to an inconsistent UPF state, and a subsequent valid PFCP Session Establishment Request can trigger a cascading failure that disrupts the SMF c...

7.5CVSS5.7AI score0.00333EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2026/02/11 8:56 p.m.4 views

CVE-2026-25994 PJSIP has a heap buffer overflow in ICE with long username

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames...

9.3CVSS5.9AI score0.01927EPSS
Exploits3References2
snyk
snyk
added 2026/02/06 2:47 a.m.4 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the establishPfcpSession function. An attacker can cause a denial of service by sending specially crafted requests that trigger a null pointer dereference in the SMF component. Remediation Upgrade...

7.5CVSS6.1AI score0.00526EPSS
Exploits1References2
cve
cve
added 2026/02/06 1:32 a.m.11 views

CVE-2026-1973

The CVE-2026-1973 entry affects Free5GC, specifically the SMF component function establishPfcpSession, with a null pointer dereference vulnerability reported up to version 4.1.0. Publicly disclosed exploit details indicate remote feasibility. Affected releases include Free5GC up to 4.1.0, with so...

7.5CVSS5.4AI score0.00526EPSS
Exploits1References7Affected Software1
cvelist
cvelist
added 2026/02/06 1:32 a.m.34 views

CVE-2026-1973 Free5GC SMF establishPfcpSession null pointer dereference

A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. I...

6.9CVSS0.00526EPSS
Exploits1References7
Rows per page
Query Builder