54 matches found

CVE
added 2026/06/09 4:3 p.m. | 39 views

CVE-2026-42767

The CVE-2026-42767 issue affects the OpenSSL CMP client: processing a CRMF CertRepMessage with EncryptedValue where symmAlg has an OID but no parameters can trigger a NULL pointer dereference, crashing the CMP client and enabling DoS. The vulnerability is due to improper handling during CMP respo...

CVSS 5.9 | AI score 5.6 | EPSS 0.00349
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2026/04/28 9:41 a.m. | 5 views

CLSA-2026-1777369264 wireshark: Fix of CVE-2022-0586

CVE-2022-0586: fix infinite loop in RTMPT dissector rtmpt_get_amf_length...

CVSS 7.8 | AI score 5.8 | EPSS 0.0202
Exploits: 1 | References: 1

Cvelist
added 2025/12/10 8:53 p.m. | 19 views

CVE-2020-36894 Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated User Creation Vulnerability

Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative...

CVSS 9.3 | EPSS 0.00696
Exploits: 1 | References: 4

Positive Technologies
added 2025/12/10 12:0 a.m. | 7 views

PT-2025-50515

Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative...

CVSS 9.3 | AI score 7.2 | EPSS 0.00696
Exploits: 1 | References: 6

Vulnrichment
added 2025/11/05 2:56 p.m. | 3 views

CVE-2025-46784

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerabili...

CVSS 7.5 | AI score 6.5 | EPSS 0.00421
Exploits: 1 | References: 1

CVE
added 2025/11/05 2:56 p.m. | 23 views

CVE-2025-46784

The connected advisories confirm CVE-2025-46404, CVE-2025-46705, CVE-2025-46784 and CVE-2025-47151 affect the lasso library (Entr'ouvert Lasso / liblasso) used for Liberty/SAML processing. Descriptions show a mix of denial-of-service via malformed SAML responses causing memory depletion or crashe...

CVSS 7.5 | AI score 6.5 | EPSS 0.00421
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2013-0463

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.00636
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-1076

Malware in sbrugna...

CVSS 10 | AI score 9.4 | EPSS 0.07073
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-2566

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.01091
Exploits: 0 | References: 2

CNNVD
added 2025/09/24 12:0 a.m. | 2 views

messageformat security vulnerability

messageformat is an open source ICU message format and Unicode message format library for JavaScript. A security vulnerability exists in messageformat versions prior to 3.0.1, which stems from insufficient validation of nested message keys and could lead to a prototype pollution atta...

CVSS 5.3 | AI score 6.3 | EPSS 0.0032
Exploits: 0 | References: 4

OSV
added 2024/11/21 1:7 p.m. | 3 views

CLSA-2024-1732194412 Fix of 14 CVEs

Update to 8u432-ga fixing a number of CVEs - CVE-2024-21131: UTF8 size overflow - CVE-2024-21138: infinite loop vulnerability in SymbolTable - CVE-2024-21140: int overflow/underflow in Range Check Elimination - CVE-2024-21144: invalid header validation leads to Pack200 excessive loading time -...

CVSS 7.4 | AI score 7.2 | EPSS 0.01361
Exploits: 0 | References: 1

BDU FSTEC
added 2024/03/04 12:0 a.m. | 6 views

The vulnerability of the SolarWinds Security Event Manager (SEM), previously known as SolarWinds Log & Event Manager, related to deserialization flaws, allows a hacker to execute arbitrary code.

The vulnerability of the Security Event Manager (SEM), a software tool for monitoring network infrastructure formerly known as SolarWinds Log & Event Manager, is related to deficiencies in the deserialization mechanism when processing AMF (Action Message Format) data. Exploiting this vulnerability...

CVSS 8.8 | AI score 8.1 | EPSS 0.91557
Exploits: 1 | References: 6 | Affected Software: 1

SUSE CVE
added 2023/02/15 4:36 a.m. | 3 views

SUSE CVE-2017-17847

An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachmen...

CVSS 7.5 | AI score 6.9 | EPSS 0.01196
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:22 a.m. | 8 views

SUSE CVE-2018-18751

An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt...

CVSS 4 | AI score 7.2 | EPSS 0.04293
Exploits: 1 | References: 15

RedHat Linux
added 2022/12/06 10:3 a.m. | 5 views

dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness correctly

A vulnerability was found in D-Bus. This flaw allows an authenticated attacker to cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...

CVSS 6.5 | AI score 6.7 | EPSS 0.0131
Exploits: 1 | References: 4

Vulnrichment
added 2022/10/09 12:0 a.m. | 3 views

CVE-2022-42012

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...

AI score 6.8 | EPSS 0.0131
Exploits: 1 | References: 6

Github Security Blog
added 2022/05/24 4:46 p.m. | 46 views

Golang/x/crypto message forgery vulnerability

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...

CVSS 5.9 | AI score 5.4 | EPSS 0.02002
Exploits: 2 | References: 12 | Affected Software: 1

OSV
added 2020/01/15 3:15 p.m. | 27 views

PYSEC-2020-339

XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload...

CVSS 7.1 | AI score 6.5 | EPSS 0.01378
Exploits: 0 | References: 7

Prion
added 2019/05/22 5:29 p.m. | 30 views

Design/Logic Flaw

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...

CVSS 4.3 | AI score 5.2 | EPSS 0.02002
Exploits: 2 | References: 7 | Affected Software: 2

Cvelist
added 2019/05/22 12:0 a.m. | 60 views

CVE-2019-11841

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...

AI score 6.2 | EPSS 0.02002
Exploits: 2 | References: 7