EUVD-2025-6300

Malicious code in bioql PyPI...

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-0286 DESCRIPTION: There is a type confusion vulnerability relating to X.400...

CVE-2022-25219

A null byte interaction error has been discovered in the code that the telnetdstartup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP...

Linux Distros Unpatched Vulnerability : CVE-2023-0215

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME...

Linux Distros Unpatched Vulnerability : CVE-2015-8867

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The opensslrandompseudobytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the...

CVE-2023-24010 Data Distribution Service (DDS) Chain of Trust (CoT) violation in Fast DDS

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

CVE-2023-24010

CVE-2023-24010 describes an Achilles’ heel in some DDS vendor configurations: an attacker can craft malicious DDS Participants or ROS 2 Nodes with valid certificates to take control of a secure DDS databus. The root cause is a non-compliant verification of permission documents, specifically an im...

AlmaLinux 8 : edk2 (ALSA-2024:0888)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0888 advisory. - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or...

CVE-2023-0286 X.400 address type confusion in X.509 GeneralName

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

CVE-2007-4662

Buffer overflow in the phpopensslmakeREQ function in PHP before 5.2.4 has unknown impact and attack vectors...

PHP php_openssl_apply_verification_policy 函数登录绕过

No description provided by source...

openSUSE Security Update : libnasl (libnasl-451)

This update of libnasl adds missing return value checks for openssl function calls. CVE-2009-0125 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update libnasl-451. The text description of this plug...

Debian Security Advisory DSA 1703-1 (bind9)

The remote host is missing an update to bind9 announced via advisory DSA 1703-1. OpenVAS Vulnerability Test $Id: deb17031.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1703-1 bind9 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

Debian: Security Advisory (DSA-1702-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...