14 matches found

CNNVD
added 2026/05/20 12:0 a.m. · 5 views

RabbitMQ AWS infrastructure Plugin Security Vulnerability

The RabbitMQ AWS Infrastructure Plugin is an open-source project by amazon-mq, designed for integrating RabbitMQ with AWS infrastructure. Versions of the RabbitMQ AWS Infrastructure Plugin prior to version 0.2.1 contained security vulnerabilities. These vulnerabilities stemmed from debugging code...

CVSS 8.3 · AI score 6.1 · EPSS 0.00027
Exploits: 0 · References: 1

Cvelist
added 2026/04/02 5:54 p.m. · 17 views

CVE-2026-34610 leancrypto: Integer truncation in X.509 name parser enables certificate identity impersonation

The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lcx509extractnamesegment casts size_t vlen to uint8_t when storing the Common Name (CN) length. An attacker who crafts a certificate with CN = victim's CN +...

CVSS 5.9 · EPSS 0.00025
Exploits: 0 · References: 3

CVE
added 2026/03/05 6:21 a.m. · 16 views

CVE-2026-1678

CVE-2026-1678 affects Zephyr’s DNS name parser. The function dns_unpack_name() caches the buffer tailroom and reuses it when appending DNS labels; as the buffer grows, the cached size can become incorrect, allowing the final null terminator to be written past the buffer. With assertions disabled ...

CVSS 9.8 · AI score 6 · EPSS 0.00083
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2026/03/05 6:21 a.m. · 3 views

CVE-2026-1678 dns: memory‑safety issue in the DNS name parser

dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds wri...

CVSS 9.4 · AI score 6 · EPSS 0.00083
Exploits: 1 · References: 1

Cvelist
added 2026/03/05 6:21 a.m. · 27 views

CVE-2026-1678 dns: memory‑safety issue in the DNS name parser

dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds wri...

CVSS 9.4 · EPSS 0.00083
Exploits: 1 · References: 1

Tenable Nessus
added 2025/09/03 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-7925

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially craft...

CVSS 7.5 · AI score 7.3 · EPSS 0.01665
Exploits: 0 · References: 2

CNNVD
added 2024/06/24 12:0 a.m. · 2 views

FreeRTOS-Plus-TCP Security Vulnerability

FreeRTOS-Plus-TCP is an extensible open source and thread-safe TCP/IP stack for FreeRTOS. A security vulnerability exists in FreeRTOS-Plus-TCP versions prior to 4.1.1 that stems from a buffer over-read in the DNS response parser...

CVSS 9.6 · AI score 7 · EPSS 0.00646
Exploits: 0 · References: 4

OSV
added 2024/03/06 10:58 a.m. · 21 views

BIT-MONGODB-2020-7925 Denial of Service when processing malformed Role names

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0; MongoDB Server v4.2 versions pri...

CVSS 7.5 · AI score 7.1 · EPSS 0.01665
Exploits: 0 · References: 2

SUSE CVE
added 2023/02/15 4:1 a.m. · 1 views

SUSE CVE-2020-7925

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 version...

CVSS 7.5 · AI score 7 · EPSS 0.01665
Exploits: 0 · References: 3

BDU FSTEC
added 2021/03/15 12:0 a.m. · 1 views

The vulnerability of the ndr_pull_dnsp_name parser in the Samba networking software package arises from allowing output operations to exceed the allowable buffer data size. This allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the ndr_pull_dnsp_name parser in the Samba networking software package is related to the execution of operations within acceptable data buffer limits. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise its integrity, and cause...

CVSS 8.8 · AI score 7.8 · EPSS 0.00863
Exploits: 0 · References: 4 · Affected Software: 2

Prion
added 2020/11/23 3:15 p.m. · 15 views

Input validation

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 version...

CVSS 5 · AI score 7.3 · EPSS 0.01665
Exploits: 0 · References: 1 · Affected Software: 1

Debian CVE
added 2020/11/23 2:50 p.m. · 24 views

CVE-2020-7925

Removed by vendor...

CVSS 7.5 · AI score 7.5 · EPSS 0.01665
Exploits: 0

Positive Technologies
added 2020/11/23 12:0 a.m. · 2 views

PT-2020-19850 · Mongodb · Mongodb Server +1

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.4.0-rc12 MongoDB Server versions prior to 4.2.9 Description: The issue is caused by incorrect validation of user input in the role name parser, which may lead to the use of uninitialized memory. This allows ...

CVSS 7.5 · AI score 6.9 · EPSS 0.01665
Exploits: 0 · References: 11

Vulnrichment
added 2017/09/14 6:0 a.m. · 2 views

CVE-2017-12995

The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:nsprint...

AI score 6.6 · EPSS 0.01117
Exploits: 0 · References: 7