476 matches found
ManageEngine OpManager SumPDU 12.1 - 12.5.232 - Java Deserialization
Zoho ManageEngine OpManager Stable build before 125203 and Released build before 125233 allows Remote Code Execution via the Smart Update Manager SUM servlet. id: CVE-2020-28653 info: name: ManageEngine OpManager SumPDU 12.1 - 12.5.232 - Java Deserialization author: iamnoooob,pdresearch severity:...
CVE-2026-8288
A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsmhandlepdusessionmodificationqosflowdescriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be launched...
CVE-2026-37229
FlexRIC v2.0.0 contains a reachable assertion in e2apcreatepdu triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence e.g., a single 0x00 byte over SCTP to the near-RT RIC port 36421 or iApp port 36422 to crash the process via SIGABRT. The...
CVE-2026-37229
FlexRIC v2.0.0 contains a reachable assertion in e2apcreatepdu triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence e.g., a single 0x00 byte over SCTP to the near-RT RIC port 36421 or iApp port 36422 to crash the process via SIGABRT. The...
CVE-2026-37229
CVE-2026-37229 affects FlexRIC v2.0.0. A reachable assertion in e2ap_create_pdu() is triggered when ASN.1 PER decoding fails, allowing a remote unauthenticated attacker to send a non-PER byte sequence (e.g., 0x00) over SCTP to the near-RT RIC at port 36421 or iApp at port 36422 to crash the proce...
PT-2026-45508
FlexRIC v2.0.0 contains a reachable assertion in e2ap create pdu triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence e.g., a single 0x00 byte over SCTP to the near-RT RIC port 36421 or iApp port 36422 to crash the process via SIGABRT. The...
CVE-2026-37227
FlexRIC v2.0.0 contains reachable assert0 calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker can send a decodable E2AP PDU of such a type e.g., E2nodeConfigurationUpdate to crash the near-RT RIC process port...
CVE-2026-44420 FreeRDP cliprdr server heap-buffer-overflow via undersized capabilitySetLength in CB_CLIP_CAPS
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard cliprdr channel by sending a CBCLIPCAPS PDU with a too-small capabilitySetLength. This can crash the server process...
FreeRDP 安全漏洞
FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.26.0 contained security vulnerabilities. These vulnerabilities stemmed from malicious RDP clients being able to trigger a heap buffer overflow write in the server-side clipboard...
CVE-2026-44473 Ella Core: UE Downlink Redirection via Forged PDUSessionResourceSetupResponse
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE's logical NG-connection,...
CVE-2026-44473
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE's logical NG-connection,...
CVE-2026-44473 Ella Core: UE Downlink Redirection via Forged PDUSessionResourceSetupResponse
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE's logical NG-connection,...
Astra Linux - уязвимость в ofono
oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...
Astra Linux - уязвимость в ofono
A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug was detected within the smsdecodeaddressfield function during the SMS PDU decoding process. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, ...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fixed a kernel panic that occurs when the host sends an invalid H2C PDU length. If the host sends an H2CData command with an invalid DATAL value, the kernel may crash in the nvmettcpbuildpduiovec function. This issue...
Astra Linux - уязвимость в ofono
oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...
freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0
A division by zero flaw has been discovered in FreeRDP. This division by zero exists in the MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % blocksize where blocksize = context-common.format.nBlockAlign. The...
OSV-2026-762 Heap-buffer-overflow in coap_pdu_parse_header
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513783540 Crash type: Heap-buffer-overflow READ 1 Crash state: coappduparseheader coappduparse2 coappduparse...
OSV-2026-736 Heap-buffer-overflow in coap_pdu_parse_header
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=512517700 Crash type: Heap-buffer-overflow READ 1 Crash state: coappduparseheader coappduparse2 coappduparse...
CVE-2026-8266
A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsmbuildpdusessionestablishmentaccept of the file /src/smf/gsm-build.c of the component SMF. The manipulation results in denial of service. The attack can be launched remotely. The exploit is now public and may be used...