81 matches found
Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability
Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core SignalR and Blazor Server. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation Upgrade...
Malicious code in cxpher-linux-arm32 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd6c14d2899b638880b25bf1c35973ed1c9cf6fcb99331447e3da7c2478124c7 The package's main is an ARM ELF binary that, when loaded, mkdtemp's a working directory under /dev/shm/.cxpher.XXXXXX or /tmp/.cxpher.XXXXXX, writes...
Linux Distros Unpatched Vulnerability : CVE-2026-23433
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: armmpam: Fix null pointer dereference when restoring bandwidth counters When an MSC supporti...
Allocation of Resources Without Limits or Throttling
Overview Microsoft.AspNetCore.App.Runtime.linux-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling ...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm to version 9.0.14, 10.0.4 or higher. References - GitHub Commit -...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions. An attacker can gain elevated privileges by exploiting these permissions locally. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm to version 10.0.4 or higher. References - Vulnerability Advisor...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.App.Runtime.linux-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of...
EUVD-2025-7398
Malicious code in bioql PyPI...
Buffer Over-read
Overview Affected versions of this package are vulnerable to Buffer Over-read via the DiaSymReader.dll process. An attacker can execute arbitrary code by exploiting a buffer over-read condition when the application processes specially crafted input. This issue affects EOL ASP.NET 6.0.0 = 6.0.36 a...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the msdia140.dll process. An attacker can execute arbitrary code by supplying specially crafted input that triggers an integer overflow and subsequent heap-bas...
Linux Distros Unpatched Vulnerability : CVE-2022-50195
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ARM: dts: qcom: replace gcc PXO with pxoboard fixed clock Replace gcc PXO phandle to pxoboard fixed clock declared in the dts. gcc driver doesn't provide PXOSRC...
Untrusted Search Path
Overview Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can achieve remote code execution by planting malicious files on the victim's system, with knowledge of where they should be placed, then tricking a user to run these files. Remediation Upgrade...
Allocation of Resources Without Limits or Throttling
Overview Microsoft.AspNetCore.App.Runtime.linux-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling...
Improper Authentication
Overview Microsoft.AspNetCore.App.Runtime.linux-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Improper Authentication in the RefreshSignInAsync...
CVE-2025-1425
A Sudo privilege misconfiguration vulnerability in PocketBook InkPad Color 3 on Linux, ARM allows attackers to read file contents on the device.This issue affects InkPad Color 3: U743k3.6.8.3671...
CVE-2025-1425 File Read Through Improper Sudo Privilege Management
A Sudo privilege misconfiguration vulnerability in PocketBook InkPad Color 3 on Linux, ARM allows attackers to read file contents on the device.This issue affects InkPad Color 3: U743k3.6.8.3671...
CVE-2025-1425 File Read Through Improper Sudo Privilege Management
A Sudo privilege misconfiguration vulnerability in PocketBook InkPad Color 3 on Linux, ARM allows attackers to read file contents on the device.This issue affects InkPad Color 3: U743k3.6.8.3671...
HTTP Fetch, Linux ARM Big Endian Command Shell, Bind TCP Inline
Fetch and execute an ARMBE payload from an HTTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/http/armbe/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options...
Buffer Over-read
Overview Affected versions of this package are vulnerable to Buffer Over-read through the loading of a specially crafted file. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm to version 8.0.12, 9.0.1 or higher. References - GitHub Issue - GitHub Issue - Security Advisory...