20 matches found
CVE-2026-32769 Fullchain's Invalid NetworkPolicy enables a malicious actor to pivot into another namespace
Fullchain is an umbrella project for deploying a ready-to-use CTF platform. In versions prior to 0.1.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a subverted application to any Pod out of the origin namespace. The flawed inter-ns NetworkPolicy breaks the...
CVE-2026-32769
Fullchain (github.com/ctfer-io/fullchain) is affected prior to version 0.1.1 due to a mis-written inter-namespace NetworkPolicy that allows a subverted application to pivot to pods outside the origin namespace, enabling lateral movement. The issue has been fixed in version 0.1.1. Workaround: dele...
GHSA-FGM3-Q9R5-43V9 Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace
Impact Due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod out of it. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. Patch Removing the inter-ns NetworkPolicy...
CVE-2025-41759
An administrator may attempt to block all networks by specifying "" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, they are silently interpreted as network 0 which results in no networks being blocked at all...
CVE-2021-47791
SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by entering malformed paths, using invalid IP addresses, or clearing connection history in the client's...
CVE-2025-41068
Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting its data. The NRF executes a check that crashes the...
CVE-2025-41068
Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting its data. The NRF executes a check that crashes the...
EUVD-2025-36179
Reachable Assertion vulnerability in Open5GS up to version 2.7.5 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting its data. The NRF executes a check that crashes the...
CVE-2025-41068
CVE-2025-41068 : Reachable Assertion in Open5GS NRF. Affected: Open5GS up to version 2.7.6 (and variants cited as up to 2.7.5 in some sources). Condition: attacker with network access to the NRF can trigger by sending an NF creation request with an invalid type via the SBI, then request its data....
EUVD-2022-36294
Malicious code in bioql PyPI...
Intelbras RX1500和Intelbras RX3000 安全漏洞
The Intelbras RX1500 and Intelbras RX3000 are both routers from Intelbras Brazil. A security vulnerability exists in Intelbras RX1500 version v2.2.9 and Intelbras RX3000 version v1.0.11, which stems from the failure to validate the ESSID name when creating a network, which could lead to the...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the use of an invalid network device by the t7xx wwan driver in napi polling, which could lead to null point...
CVE-2022-33251
CVE-2022-33251 describes a Transient Denial of Service caused by a reachable assertion in the modem triggered by invalid network configuration. The vulnerability is associated with Qualcomm chipset modems and is rated as High (CVSS v3.1: 7.5, Network attack vector, Low attack complexity, No privi...
PT-2023-13262 · Modem · Modem
Name of the Vulnerable Software and Affected Versions: Modem affected versions not specified Description: The issue is related to a Transient DOS due to a reachable assertion in the Modem, caused by an invalid network configuration. Recommendations: At the moment, there is no information about a...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from an invalid network configuration resulting in a denial of service due to a reachable assertion in the modem...
Common 安全漏洞
NIMBLE Platform Common is a common module package that can be accessed by NIMBLE services. A security vulnerability exists in Common that stems from an incorrectly validated JSON network token. An attacker could use this vulnerability to forge a valid JWT, which could lead to an authentication...
CVE-2018-18881
A Denial of Service DOS issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory rese...
DEBIAN-CVE-2014-0187
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied...
PrivaShare Peer-to-Peer Chat and File Sharing Application DoS
Denial of service on invalid network message...
Microsoft DirectPlay DoS
Invalid network packets parsing...