42 matches found
CVE-2026-42937
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...
cpython: IMAP command injection in user-controlled commands
A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...
ImapEngine Security Vulnerability
ImapEngine is an email management interface developed by DirectoryTree. Versions of ImapEngine prior to 1.22.3 contained security vulnerabilities. These vulnerabilities stemmed from the id function in ImapConnection.php, which had improper handling of user input. This could allow attackers to rea...
EUVD-2019-0998
Malware in sbrugna...
CVE-2025-8627 Unauthenticated Protocol Commands on TP-Link KP303
The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak. This issue affects TP-Link KP303 US Smartplug: before 1.1.0...
Rewards cannot be transferred when calling protocol command
Lines of code Vulnerability details Summary Rewards are set up using protocol commands, but its entrypoint is not payable. Impact Rewards can be set up by protocol authorities using the functions setConcRewards and setAmbRewards present in the LiquidityMiningPath contracts. These two are part of...
SUSE CVE-2009-0368
OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program...
SUSE CVE-2019-0203
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server...
CVE-2020-15685
During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...
CVE-2020-15685
During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...
CLSA-2022-1649696379 Fix of CVE: CVE-2021-3618
CVE-2021-3618: drop the connection after reaching the specified number of invalid protocol commands...
CLSA-2022-1649696332 Fix of CVE: CVE-2021-3618
CVE-2021-3618: drop the connection after reaching the specified number of invalid protocol commands...
CLSA-2022-1649695783 Fixed CVE-2021-3618 in nginx
CVE-2021-3618: drop the connection after reaching the specified number of invalid protocol commands...
CLSA-2022-1649695737 Fix CVE(s): CVE-2021-3618
SECURITY UPDATE: Vulnerability against application layer protocol content confusion attack - debian/patches/CVE-2021-3618.patch: Drop the connection after reaching the specified number of invalid protocol commands - CVE-2021-3618...
CLSA-2022-1649695619 Fix of CVE: CVE-2021-3618
CVE-2021-3618: drop the connection after reaching the specified number of invalid protocol commands...
Fix of CVE: CVE-2021-3618
CVE-2021-3618: drop the connection after reaching the specified number of invalid protocol commands...
Nextcloud Injection Vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An injection vulnerability exists in Nextcloud Calendar, which originates from injecting SMTP commands in email messages via line breaks...
Mageia: Security Advisory (MGASA-2018-0355)
The remote host is missing an update for the...
Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
Authentication flaw
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...