RockyLinux 10 : dnsmasq (RLSA-2026:19158)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19158 advisory. dnsmasq: dnsmasq: heap buffer overflow in cache via NAMEESCAPE expansion CVE-2026-2291 dnsmasq: NSEC bitmap parsing infinite loop CVE-2026-4890 dnsmasq...

CVE-2026-35049

The CVE-2026-35049 entry affects the wire-ios iOS client. Before version 4.16.0, processing a crafted Proteus external message with an encrypted payload under 16 bytes causes an automatic crash after receipt. The malicious message remains in the conversation and causes a crash loop on relaunch, p...

CVE-2025-56568

Assertion failure vulnerability in the PCO Protocol Configuration Options parser in the SMF Session Management Function component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length fields in protocol...

CVE-2025-56568

Open5GS contains an assertion-failure vulnerability in the PCO (Protocol Configuration Options) parser of the SMF (Session Management Function) component, affecting versions prior to 2.7.5. Remote attackers can trigger a denial-of-service by sending specially crafted NGAP messages with malformed ...

CVE-2025-56568

Assertion failure vulnerability in the PCO Protocol Configuration Options parser in the SMF Session Management Function component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length fields in protocol...

CVE-2025-56568

Assertion failure vulnerability in the PCO Protocol Configuration Options parser in the SMF Session Management Function component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length fields in protocol...

PT-2026-36167

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.5 Description An assertion failure in the PCO Protocol Configuration Options parser within the SMF Session Management Function component allows remote attackers to cause a denial of service. This occurs when the...

CVE-2020-36872

BACnet Test Server versions up to and including 1.01 contains a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port 47808/udp. A remote unauthenticated...

CVE-2025-61430

Improper handling of DNS over TCP in Simple DNS Plus v9 allows a remote attacker with querying access to the DNS server to cause the server to return request payloads from other clients. This happens when the TCP length prefix is malformed len differs from actual packet len, and due to a...

PT-2025-43636

Improper handling of DNS over TCP in Simple DNS Plus v9 allows a remote attacker with querying access to the DNS server to cause the server to return request payloads from other clients. This happens when the TCP length prefix is malformed len differs from actual packet len, and due to a...

EUVD-2022-36334

Malicious code in bioql PyPI...

EUVD-2025-20486

Malicious code in bioql PyPI...

CVE-2025-21449

Transient DOS may occur while processing malformed length field in SSID IEs...

CVE-2025-21449 Buffer Over-read in WLAN Embedded SW

Transient DOS may occur while processing malformed length field in SSID IEs...

CVE-2025-21449

CVE-2025-21449 describes a transient Denial of Service in Qualcomm WLAN Embedded software triggered by processing a malformed length field in SSID Information Elements. The CVE is listed as High severity (base score 7.5) with network attack vector and no user interaction required; exploitation st...

CVE-2025-21449 Buffer Over-read in WLAN Embedded SW

Transient DOS may occur while processing malformed length field in SSID IEs...

PT-2025-28438

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A transient Denial of Service DOS may occur when processing a malformed length field in SSID Information Elements IEs. Recommendations: At the moment, there is no information about a newer...

CVE-2009-0847

The asn1bufimbed function in the ASN.1 decoder in MIT Kerberos 5 aka krb5 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service application crash via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmeti...

CVE-2006-6222

Stack-based buffer overflow in the NetBackup bpcd daemon bpcd.exe in Symantec Veritas NetBackup 5.0 before 5.0MP7, 5.1 before 5.1MP6, and 6.0 before 6.0MP4 allows remote attackers to execute arbitrary code via a long request with a malformed length prefix...