472 matches found
EUVD-2023-28817
Malicious code in bioql PyPI...
EUVD-2022-32653
Malicious code in bioql PyPI...
EUVD-2023-28815
Malicious code in bioql PyPI...
Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024167 fixes several issues. The following security issues were fixed: CVE-2025-38177: schhfsc: make hfscqlennotify idempotent bsc1246356. CVE-2025-38181: calipso: Fix null-ptr-deref in calipsoreqset,delattr bsc1246001. CVE-2025-38498: dochangetype:...
CVE-2025-21488
CVE-2025-21488 affects Qualcomm closed‑source components (Data Network Stack & Connectivity) and is caused by improper handling of padding bits when decoding RTP packet headers, leading to information disclosure in the UE. The CVE is described as a buffer over‑read/information leak. Public connec...
CVE-2025-21488 Buffer Over-read in Data Network Stack & Connectivity
Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set...
CVE-2025-21488 Buffer Over-read in Data Network Stack & Connectivity
Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set...
CVE-2025-21487
CVE-2025-21487 concerns information disclosure in Qualcomm closed‑source components due to incorrect handling of RTP payload length when decoding packets. The root cause is a buffer length mismatch that can lead to over-read and leakage of information from the UE. The vulnerability is categorized...
CVE-2025-21487 Buffer Over-read in Data Network Stack & Connectivity
Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length...
CVE-2025-21484
CVE-2025-21484 is an information-disclosure issue described as a buffer over-read in the Qualcomm data-network stack, triggered when a User Equipment (UE) decodes and reassembles RTP fragments received over the network. Public descriptions consistently state that the vulnerability causes informat...
CVE-2025-21484 Buffer Over-read in Data Network Stack & Connectivity
Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet...
CVE-2025-21483 Improper Restriction of Operations within the Bounds of a Memory Buffer in Data Network Stack & Connectivity
Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs...
CVE-2025-21483 Improper Restriction of Operations within the Bounds of a Memory Buffer in Data Network Stack & Connectivity
Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-49980: USB: gadget: fix use-after-free read in usbudcuevent bsc1245110. CVE-2022-50116: tty: ngsm: fix deadlock and link starvation in outgoing data path...
CVE-2025-54093
Time-of-check time-of-use toctou race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally...
Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft
This is a rather flaky poc for CVE-2024-38063, a RCE in tcpip.sys patched on August 13th 2024. I didn't find and report this vuln, that would be Wei. requirements pip3 install scapy usage Modify the fields in the script: - iface tcpip!Ipv6pProcessOptions - tcpip!IppSendErrorList being hit? - Brea...
CVE-2025-39703 net, hsr: reject HSR frame if skb can't hold tag
In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash kernel BUG: 45.390915 skbuff: skbunderpanic: text:ffffffff86f32cac len:26 put:14...
CVE-2025-38718
CVE-2025-38718 affects the Linux kernel SCTP implementation. The issue arises when cloning head skbs with fraglists, causing use-after-likes from sharing frag skbs and leading to uninitialized-value bugs (KMSAN) in sctp_inq_pop and related code paths. The fix patches sctp_rcv() to linearize clone...
net: appletalk: Fix device refcount leak in atrtr_create()
...
ROS-20250829-04
A vulnerability in a network stack designed to manage Netavark container networks is related to the removal of the of the dns.podman search domain. Exploitation of the vulnerability could allow an attacker acting remotely, gain access to sensitive information...