27 matches found
CVE-2026-33602 Off-by-one access when processing crafted UDP responses
A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service...
CVE-2026-5358
The CVE affects the GNU C Library (glibc) up to version 2.43, where the obsolete nis_local_principal function can overflow a buffer in the data section. This may allow an attacker to spoof a crafted UDP response and overwrite neighboring static data in the requesting application. NIS support is d...
MiracleLinux 7 : gnome-shell-3.28.3-34.0.2.el7.AXS7 (AXSA:2025-9565:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9565:01 advisory. CVE-2024-36472: fix portal helper from launching automatically based on network responses to prevent loading untrusted JavaScript code CVEs: CVE-2024-36472 I...
CVE-2025-59089
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...
AZL-70171 CVE-2025-59089 affecting package python-kdcproxy 1.0.0-18
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...
CVE-2025-62362
gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered by viewing the browser's developer tools network tab. This information...
CVE-2025-62362 Name and e-mail of employee that has done a publication is discoverable in gpp-burgerportaal
gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered by viewing the browser's developer tools network tab. This information...
EUVD-2025-34091
gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered by viewing the browser's developer tools network tab. This information...
EUVD-2024-36341
Malicious code in bioql PyPI...
Alibaba Cloud Linux 3 : 0248: gnome-shell and gnome-shell-extensions (ALINUX3-SA-2024:0248)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0248 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-36472: In GNOME Shell through 45.7, a port...
CLSA-2024-1735300286 gnome-shell: Fix of CVE-2024-36472
CVE-2024-36472: fix portal helper from launching automatically based on network responses to prevent loading untrusted JavaScript code...
gnome-shell: code execution in portal helper
A vulnerability was found in GNOME Shell. A portal helper can be launched automatically without user confirmation based on the network responses provided by an adversary...
gnome-shell: code execution in portal helper
A vulnerability was found in GNOME Shell. A portal helper can be launched automatically without user confirmation based on the network responses provided by an adversary...
Updated gnome-shell packages fix security vulnerability
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...
gnome-shell: code execution in portal helper
A vulnerability was found in GNOME Shell. A portal helper can be launched automatically without user confirmation based on the network responses provided by an adversary...
CVE-2024-36472
A vulnerability was found in GNOME Shell. A portal helper can be launched automatically without user confirmation based on the network responses provided by an adversary...
CVE-2024-36472
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...
CVE-2024-36472
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...
UBUNTU-CVE-2024-36472
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...
CVE-2024-36472
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...