13 matches found

Cvelist
added 2026/04/15 11:25 p.m. · 23 views

CVE-2026-40245 Free5GC: UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability in the UDR (Unified Data Repository) service. The handler for GET /nudr-dr/v2/application-data/influenceData/subs-to-notify sends a...

7.5 CVSS · 0.00506 EPSS
Exploits: 1 · References: 1
Packet Storm
added 2025/08/19 12:0 a.m. · 146 views

Piciorgros TMO-100 Information Disclosure

Piciorgros TMO-100 suffers from an issue where it provides unauthorized log data access. It affects versions prior to 4.20. PDF advisory: https://rt-solutions.de/piciorgros/PiciorgrosTMO-100IP-Loggeren.pdf Classification: CWE-200: Exposure of Sensitive Information to an Unauthoriz...

7.2 AI score
Exploits: 0
SUSE CVE
added 2023/02/15 4:43 a.m. · 5 views

SUSE CVE-2017-11147

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c...

4.8 CVSS · 8.8 AI score · 0.0471 EPSS
Exploits: 1 · References: 7
OSV
added 2023/02/14 4:0 p.m. · 1 views

UBUNTU-CVE-2023-25725

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...

9.1 CVSS · 7.1 AI score · 0.05493 EPSS
Exploits: 0 · References: 5
OSV
added 2022/12/27 10:15 p.m. · 1 views

DEBIAN-CVE-2022-2582

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it...

4.3 CVSS · 4.9 AI score · 0.00481 EPSS
Exploits: 1 · References: 1
Cvelist
added 2022/08/04 5:47 p.m. · 16 views

CVE-2022-34851 BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2022-34851

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed request...

4.3 CVSS · 6.6 AI score · 0.00645 EPSS
Exploits: 0 · References: 1
CNNVD
added 2022/04/03 12:0 a.m. · 4 views

Schneider Electric ConneXium Network Manager Software security vulnerability

Schneider Electric ConneXium Network Manager Software is industrial Ethernet network management software from Schneider Electric, France. Schneider Electric ConneXium Network Manager Software 03.23 and earlier versions contain a denial of service...

7.5 CVSS · 5.6 AI score · 0.0096 EPSS
Exploits: 0 · References: 3
CNNVD
added 2021/06/08 12:0 a.m. · 4 views

Schneider Electric IGSS buffer error vulnerability

The Schneider Electric Interactive Graphical SCADA System (IGSS) is an advanced SCADA system for monitoring and controlling industrial processes. An out-of-bounds write vulnerability exists in the Definition module of Interactive Graphical SCADA System (IGSS) versions 15.0.0.21140 and earlier. The...

7.8 CVSS · 6.2 AI score · 0.01172 EPSS
Exploits: 0 · References: 6
OSV
added 2018/04/19 8:29 p.m. · 4 views

CVE-2018-0243

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy that is intended to drop the Server Message Block Version 2 (SMB2) and SMB Version 3 (SMB3) protocols if malware is detected. The...

5.8 CVSS · 5.8 AI score · 0.01229 EPSS
Exploits: 0 · References: 2
OSV
added 2017/11/22 7:29 p.m. · 2 views

CVE-2017-8206

HONOR 7 Lite mobile phones with software of versions earlier than NEM-L21C432B352 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use apps on a target mobile phone temporarily...

6.8 CVSS · 5.8 AI score · 0.00298 EPSS
Exploits: 0 · References: 1
OSV
added 2017/11/22 7:29 p.m. · 1 views

CVE-2017-8182

MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has an out-of-bound read vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter and cause to...

6.1 CVSS · 5.8 AI score · 0.0052 EPSS
Exploits: 0 · References: 1
RedHat Linux
added 2017/08/01 2:18 p.m. · 5 views

mysql: Server: DDL unspecified vulnerability (CPU Apr 2017)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protoco...

4.3 CVSS · 7.1 AI score · 0.0215 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2009/03/14 12:0 a.m. · 2 views

PT-2009-3421 · Elby +1 · Virtual Clonedrive +4

Name of the Vulnerable Software and Affected Versions: ElbyCDIO.sys versions 6.0.2.0 and earlier; AnyDVD versions prior to 6.5.2.6; Virtual CloneDrive versions 5.4.2.3 and earlier; CloneDVD versions 2.9.2.0 and earlier; CloneCD versions 5.3.1.3 and earlier. Description: The issue exists due to an erro...

4.9 CVSS · 7.7 AI score · 0.00725 EPSS
Exploits: 1 · References: 29