21 matches found
Expected Behavior Violation
Overview Affected versions of this package are vulnerable to Expected Behavior Violation via the PFCP Association Setup Request process. An attacker can cause service disruption and trigger reconnection loops by sending a malformed request that is incorrectly accepted, resulting in an inconsisten...
EUVD-2025-201299
An Expected Behavior Violation CWE-440 vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the...
PT-2025-49164
Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 12.8.1 through 12.11.4 WatchGuard Fireware OS versions 2025.1 through 2025.1.2 Description A flaw exists within the Fireware OS that could allow an attacker to circumvent the boot time system integrity check. Th...
EUVD-2025-6104
Malicious code in bioql PyPI...
EUVD-2024-22167
Malicious code in bioql PyPI...
Expected Behavior Violation
Overview llama-index is an Interface between LLMs and your data Affected versions of this package are vulnerable to Expected Behavior Violation via the DocugamiReader class. An attacker can cause loss of important document content, disrupt parent-child chunk hierarchies, and lead to inaccurate AI...
Security Bulletin: AIX/VIOS is vulnerable to an expected behavior violation (CVE-2025-32728) due to OpenSSH
Summary: AIX's OpenSSH DisableForwarding directive does not adhere to the documentation (CVE-2025-32728). OpenSSH is used by AIX for remote login. Vulnerability Details: CVEID: CVE-2025-32728 DESCRIPTION: In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the...
OESA-2025-1290 trafficserver security update
Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, fr...
OESA-2025-1289 trafficserver security update
Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, fr...
CVE-2024-56202
Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue...
UBUNTU-CVE-2024-56202
Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue...
CVE-2024-56202
CVE-2024-56202 is a vulnerability described as an Expected Behavior Violation in Apache Traffic Server. It affects the following releases: 9.0.0–9.2.8 and 10.0.0–10.0.3. The provided data shows a CVSS v3.1 base score of 4.3 (Medium) with network attack vector, low attack complexity, and privilege...
CVE-2024-56202 Apache Traffic Server: Expect header field can unreasonably retain resource
Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue...
CVE-2024-56202
Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue...
PT-2025-9866 · Apache +1 · Apache Traffic Server +1
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 9.0.0 through 9.2.8 Apache Traffic Server versions 10.0.0 through 10.0.3 Description: The issue is an Expected Behavior Violation vulnerability in Apache Traffic Server. Users are advised to upgrade to resolve t...
Expected Behavior Violation
@backstage/plugin-app-backend is vulnerable to Expected Behavior Violation. The vulnerability is due to the handling of APPCONFIG environment variables, which ignores the visibility defined in the configuration schema. Note: This was an intended feature of the APPCONFIG way of supplying...
Internet Bug Bounty: CVE-2023-28322: more POST-after-PUT confusion
Libcurl, a popular open-source library for transferring data over HTTPS, had a vulnerability CVE-2023-28322 that could allow an attacker to inject data or cause the application to misbehave. The vulnerability was caused by a logic flaw that could cause libcurl to use the wrong callback function...
Siemens SINEC NMS Third-Party
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SCALANCE X (Update D)
1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE X Vulnerability: Expected Behavior Violation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-085-01 Siemens SCALANCE X Update C that was published...
Why does Citrix Receiver send DNS query for nonexistent hostname?
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team and can refer to CTX297149 for more information. Question: Why does Citrix Receiver send DNS queries to similar NonExistingSubDomain? Answer: Citrix...