14 matches found
libssh2: Fix of 2 CVEs
CVE-2019-13115: add bounds-checked stringbuf helpers and use them in diffiehellmansha1 to prevent out-of-bounds read on malformed KEX reply - CVE-2019-17498: harden bounds checks in SSHMSGDISCONNECT, SSHMSGDEBUG and SSHMSGGLOBALREQUEST handlers to prevent integer overflow / out-of-bounds read...
CLSA-2026-1778159627 libssh2: Fix of 2 CVEs
CVE-2019-13115: add bounds-checked stringbuf helpers and use them in diffiehellmansha1 to prevent out-of-bounds read on malformed KEX reply - CVE-2019-17498: harden bounds checks in SSHMSGDISCONNECT, SSHMSGDEBUG and SSHMSGGLOBALREQUEST handlers to prevent integer overflow / out-of-bounds read...
CVE-2026-28861
A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper state management and may be able to access script message handlers intended for other origins. Mitigation Do not visit untrusted web pages or load untrusted web content with WebKitGTK. In Red Hat...
CVE-2026-28861
A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins...
DEBIAN-CVE-2026-28861
A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins...
CVE-2026-28861
A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins...
CVE-2026-28861
CVE-2026-28861 is an Apple vulnerability tied to a logic issue addressed by improved state management. It allows a malicious website to access script message handlers intended for other origins. The issue is fixed in: Safari 26.4, iOS 18.7.7 / iPadOS 18.7.7, iOS 26.4 / iPadOS 26.4, macOS Tahoe 26...
Apple多款产品 安全漏洞
Apple Safari, among others, are products of the American company Apple. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad...
CVE-2026-2345
Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener'message', ... handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on...
CVE-2026-2345 Insufficient Origin Validation in Proctorio Chrome Extension postMessage Handlers
Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener'message', ... handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on...
CVE-2025-68140 EVerest allows null session ID to bypass session ID verification
EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...
EUVD-2025-206316
EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message...
NQPTP Resource Management Error Vulnerability
NQPTP is a daemon that monitors timing data from PTP clocks on ports 319 and 320. It maintains a record of a clock, identified by its clock ID. A security vulnerability exists in NQPTP versions prior to 1.2.3, which stems from a security issue in nqptp-message-handlers.c. A carefully crafted pack...
GHSA-VMCC-4P4X-X7WG Matrix Synapse DoS
Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 263 - 1 render rooms unusable, related to federation/federationbase.py and handlers/message.py, as exploited in the wild in April 2018...