9 matches found
CVE-2026-55952
The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...
CVE-2026-53328
A flaw was found in the Linux kernel's schedext component. When systemd's user manager interacts with subtreecontrol while schedext is loaded, a warning can be triggered. This occurs due to a mismatch in how cgroup and css identities are handled during task migration, potentially leading to syste...
GHSA-G588-CJG3-6G78 Steamworks game clients/servers using P2P authentication vulnerable to denial of service
Processing the raw ValidateAuthTicketResponset callback data panics when the meAuthSessionResponse field is kEAuthSessionResponseAuthTicketNetworkIdentityFailure. This can lead to denial of service in game clients and servers using the beginauthenticationsession API to authenticate players if a...
Denial of service in Steamworks game clients/servers using P2P authentication
Processing the raw ValidateAuthTicketResponset callback data panics when the meAuthSessionResponse field is kEAuthSessionResponseAuthTicketNetworkIdentityFailure. This can lead to denial of service in game clients and servers using the beginauthenticationsession API to authenticate players if a...
RUSTSEC-2026-0121 Denial of service in Steamworks game clients/servers using P2P authentication
Processing the raw ValidateAuthTicketResponset callback data panics when the meAuthSessionResponse field is kEAuthSessionResponseAuthTicketNetworkIdentityFailure. This can lead to denial of service in game clients and servers using the beginauthenticationsession API to authenticate players if a...
Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber
Summary The PUT /api/v1/subscriber/imsi API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's policy while the audit trail records a fabricated or unrelated subscriber...
GHSA-XW45-CC32-442F Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber
Summary The PUT /api/v1/subscriber/imsi API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's policy while the audit trail records a fabricated or unrelated subscriber...
CVE-2026-32065
Summary (concrete): CVE-2026-32065 affects OpenClaw
libreswan: Invalid IKEv1 Quick Mode ID causes restart
A NULL pointer dereference flaw was found in Libreswan when processing IKEv1 Quick Mode requests. When an IKEv1 Quick Mode connection configured with IDIPV4ADDR or IDIPV6ADDR receives an IDcr payload with IDFQDN, it triggers a NULL pointer dereference error. This flaw allows a malicious client or...