9 matches found
PT-2026-42731
A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP MSG MANAGEMENT message to set an unvalidated negative log announce interval value in the port's data set. When a subsequent PT...
CVE-2026-20761
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in arbitrary OS command execution on the device...
PT-2026-21022
Name of the Vulnerable Software and Affected Versions EnOcean SmartServer IoT versions prior to 4.60.009 Description A flaw exists that could allow remote attackers to cause a memory leak. This can occur by sending specially crafted IP-852 messages within LON IP-852 management messages...
PT-2025-44927
Name of the Vulnerable Software and Affected Versions Automotive Software platform based on QNX affected versions not specified Description A memory corruption issue exists when processing client messages during device management. This is a stack-based buffer overflow. Recommendations At the...
OESA-2025-2485 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read an...
PT-2025-1703
Name of the Vulnerable Software and Affected Versions SCP-Firmware versions up to and including 2.15.0 Description Specifically crafted SCMI messages sent to an SCP may lead to a Usage Fault and crash the SCP. Recommendations For SCP-Firmware versions up to and including 2.15.0, consider...
CVE-2021-36319
Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages...
Exploit for CVE-2020-6616
Broadcom c...
mod_cluster: JavaScript code injection is possible via MCMP mod_manager messages
A flaw was found in the way the modcluster manager processed certain MCMP messages. An attacker with access to the network from which MCMP messages are allowed to be sent could use this flaw to execute arbitrary JavaScript code in the modcluster manager web interface...