CVE-2026-45865

mctp i2c: initialise event handler read bytes...

GO-2026-4728 Tillitis TKey Client has an Error in Protocol Implementation in github.com/tillitis/tkeyclient

Tillitis TKey Client has an Error in Protocol Implementation in github.com/tillitis/tkeyclient...

CVE-2026-32953

Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets USS to be silently ignored, producing the same Compound Device Identifier CDI—and thus the same key...

CVE-2026-32953

Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets USS to be silently ignored, producing the same Compound Device Identifier CDI—and thus the same key...

Google Android Protocol Implementation Incorrect Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from an incorrect protocol implementation vulnerability that ca...

CVE-2025-26438

In smpprocesssecureconnectionoobdata of smpact.cc, there is a possible way to bypass SMP authentication due to Incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Google Android 安全漏洞

Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from an incorrect protocol implementation vulnerability that ca...

ASB-A-251514171

In smpprocesssecureconnectionoobdata of smpact.cc, there is a possible way to bypass SMP authentication due to Incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Wireshark Security Update (wnpa-sec-2025-01) - Mac OS X

Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...

Quinn 安全漏洞

Quinn is a pure Rust, asynchronous compatible implementation of the IETF QUIC transport protocol from the quinn-rs open source. A security vulnerability exists in Quinn versions 0.11.0 through 0.11.6. An attacker could exploit this vulnerability to cause a denial of service in an application...

Google Android Authentication Bypass Vulnerability (CNVD-2024-33528)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an authentication bypass vulnerability that stems from an incorrect protocol implementation in the smpprocrand method of the smpact.cc file, which can be exploited by an attacker to potentially...

CVE-2024-34722

In smpprocrand of smpact.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

USN-6828-1: Linux kernel (Intel IoTG) vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service system crash. CVE-2023-47233 It was...

[SECURITY] Fedora 40 Update: qt6-qtmqtt-6.7.1-1.fc40

MQTT is a machine-to-machine M2M protocol utilizing the publish-and-subscri be paradigm, and provides a channel with minimal communication overhead. The Qt MQTT module provides a standard compliant implementation of the MQTT protocol specification. It enables applications to act as telemetry...

CVE-2024-22189 QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...

USN-6626-2: Linux kernel vulnerabilities

Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-32250, CVE-2023-32252, CVE-2023-32257...

platform will get 40 percent of fee if fee are below 100

Lines of code Vulnerability details Impact PlatForm will get 40 percent of fee when price is below 100 cause of rounding error Proof of Concept uint256 public constant HOLDERCUTBPS = 3300; // 33% uint256 public constant CREATORCUTBPS = 3300; // 33% protocol implement that holder and creator will...

CVE-2023-46239

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...

The vulnerability in the implementation of the PAPI network protocol for ArubaOS operating systems allows a hacker to execute arbitrary code.

The vulnerability of the PAPI network protocol implementation in ArubaOS operating systems lies in the fact that operations are performed outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted packets...

The Reciprocal Value of Access to Maintainers

Last May I left Google to build a more sustainable model for Open Source maintenance. After a summer break, I resumed my maintenance work on the Go project in September, and I started offering my services to companies that rely on Go. My vision is that of Open Source maintenance as a real...