SUSE-SU-2026:0213-1 Security update for ovmf

This update for ovmf fixes the following issues: - CVE-2022-36765: Fixed integer overflow to buffer overflow via local network vulnerability bsc1218680...

SUSE-SU-2026:0121-1 Security update for ovmf

This update for ovmf fixes the following issues: - CVE-2022-36765: Fixed integer overflow to buffer overflow via local network vulnerability bsc1218680...

Security update for ovmf

This update for ovmf fixes the following issues: CVE-2022-36765: Fixed integer overflow to buffer overflow via local network vulnerability bsc1218680. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

Fanvil x210 安全漏洞

The Fanvil x210 is an IP telephony device from Fanvil. A security vulnerability exists in Fanvil x210 V2 version 2.12.20, which originates from an unauthenticated attacker on the local network who can execute arbitrary system commands...

EUVD-2020-26230

Malware in sbrugna...

EUVD-2020-5149

Malware in sbrugna...

EUVD-2020-5143

Malware in sbrugna...

EUVD-2022-32821

Malicious code in bioql PyPI...

CVE-2025-6916

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748B20211015. This affects the function FormLogin of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local...

CVE-2023-0896

A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access...

CVE-2023-2646

A vulnerability has been found in TP-Link Archer C7v2 v2enus180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local...

CVE-2023-2754

The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses...

CVE-2022-28373

Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacker on the local network can inject shell metacharacters to achieve remote code...

CVE-2021-25755

In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic...

CVE-2025-24132

The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1 and AirPlay video SDK 3.6.0.126. An attacker on the local network may cause an unexpected app termination...

CVE-2025-24251

The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may cause an unexpected app termination...

CVE-2025-3539 H3C Magic BE18000 HTTP POST Request getBasicInfo FCGI_CheckStringIfContainsSemicolon command injection

A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/getBasicInfo of the component HTTP POST Request Handler. The...

CVE-2025-2959

A vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It has been rated as problematic. Affected by this issue is the function sub4019A0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack needs to be initiated with...

CVE-2025-2958 TRENDnet TEW-818DRU HTTP Request httpd denial of service

A vulnerability was found in TRENDnet TEW-818DRU 1.0.14.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to denial of service. The attack needs to be done...

CVE-2025-2547

A vulnerability, which was classified as problematic, has been found in D-Link DIR-618 and DIR-605L 2.02/3.02. This issue affects some unknown processing of the file /goform/formAdvNetwork. The manipulation leads to improper access controls. The attack can only be done within the local network. T...