42 matches found
OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-controlled server
Impact: Unauthenticated denial of service. Summary: When installing provider or module packages from attacker-controlled servers, the server may cause "tofu init" to enter an infinite loop sending garbage data to that server. Those who depend on modules or providers served from untrusted third-party...
CVE-2026-32952
go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can cause a slice out-of-bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993299)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993299 advisory. In the Linux kernel, the following vulnerability has been resolved: erspan: do not use skb_mac_header() in ndo_start_xmit(). Drivers should not assume skb_mac_header(skb) ==...
EUVD-2020-17866
Malware in sbrugna...
EUVD-2023-42336
Malicious code in bioql PyPI...
DEBIAN-CVE-2025-38035
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: don't restore null sk_state_change. queue->state_change is set as part of nvmet_tcp_set_queue_sock(), but if the TCP connection isn't established when nvmet_tcp_set_queue_sock() is called then queue->state_change isn't set and...
CVE-2023-38537
A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability...
CVE-2020-25179
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network...
CVE-2020-25175
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network...
UBUNTU-CVE-2025-37777
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in __smb2_lease_break_noti(). Move tcp_transport free to ksmbd_conn_free. If ksmbd connection is referenced when ksmbd server thread terminates, it will not be freed, but conn->tcp_transport is freed...
Thales Luna EFT Security Vulnerability
Thales Luna EFT is a high-security hardware security module from Thales France designed specifically for financial transactions and payment processing. A security vulnerability exists in Thales Luna EFT version 2.1, which stems from a network transport using AES KHT that allows a user to access...
UBUNTU-CVE-2023-6536
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service...
Microsoft QUIC Denial of Service Vulnerability (CNVD-2023-92205)
Microsoft QUIC is a network transport protocol from Microsoft. A denial of service vulnerability exists in Microsoft QUIC, which can be exploited by an attacker to cause a denial of service...
Microsoft QUIC Denial of Service Vulnerability
Microsoft QUIC is a network transport protocol from Microsoft. A denial of service vulnerability exists in Microsoft QUIC, which can be exploited by an attacker to cause a denial of service...
Microsoft QUIC Security Vulnerability
Microsoft QUIC is a network transport protocol from Microsoft. A denial of service vulnerability exists in Microsoft QUIC, which can be exploited by an attacker to cause a denial of service...
Race condition
A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability...
CVE-2023-38537
CVE-2023-38537 describes a race condition in a network transport subsystem that can cause a heap use-after-free in established or unsilenced incoming audio/video calls, potentially leading to app termination or unintended control flow with very low probability. Public sources (NVD/Red Hat and rel...