EUVD-2026-26698

AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The senddiagnosticrequest function in uds.c allocates a 6-byte stack buffer MAXDIAGNOSTICPAYLOADSIZE=6 but copies up to 7 bytes MAXUDSREQUESTPAYLOADLENGTH=7 via memcpy at an offset of 1+pidlength 2-3 bytes,...

Amazon Linux 2023 : ngtcp2, ngtcp2-crypto-gnutls, ngtcp2-crypto-gnutls-devel (ALAS2023-2026-1633)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1633 advisory. ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer...

[SECURITY] [DSA 6222-1] ngtcp2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6222-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 21, 2026 https://www.debian.org/security/faq -...

[SECURITY] Fedora 44 Update: cpp-httplib-0.37.1-2.fc44

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include the httplib.h file in your code!...

CVE-2026-28799

A flaw was found in PJSIP. A remote attacker can exploit a heap use-after-free vulnerability within the event subscription framework by sending a specially crafted message during presence unsubscription. This can lead to a denial of service, making the affected system unavailable. Mitigation...

UBUNTU-CVE-2026-22776

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service DoS vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies Content-Encoding: gzip, br, etc.. The library validates the...

RHEL 9 : libssh (RHSA-2025:23024)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23024 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Incorrect...

Linux Distros Unpatched Vulnerability : CVE-2025-61911

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method...

EUVD-2014-6453

Malware in sbrugna...

CVE-2024-45402

Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls specifically, bindings within picotls that call the crypto libraries may attempt to free the same memory twice. This double free occu...

CVE-2024-45402

CVE-2024-45402 describes a double free in Picotls when parsing a spoofed TLS handshake, specifically in bindings that call crypto libraries. The issue causes the same memory to be freed twice during disposal of multiple objects with no intervening malloc, potentially triggering malloc abort and, ...

CVE-2024-43544

Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability...

CentOS 9 : freerdp-2.4.1-5.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the freerdp-2.4.1-5.el9 build changelog. - Fix length checks in parallel driver 2136152 CVE-2022-39282 - Add missing length check in video channel 2136154 CVE-2022-39283 - FreeRDP ...

SUSE CVE-2024-25110

The UAMQP is a general purpose C library for AMQP 1.0. During a call to opengetofferedcapabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule...

CVE-2022-35747

Windows Point-to-Point Protocol PPP Denial of Service Vulnerability...

CVE-2023-21695

Microsoft Protected Extensible Authentication Protocol PEAP Remote Code Execution Vulnerability...

CVE-2022-39317

FreeRDP (ZGFX decoder) is affected by CVE-2022-39317: a missing range check on the input offset index in the ZGFX decoder can allow a malicious server to cause an out-of-bounds read and attempted decoding. This is addressed in FreeRDP version 2.9.0 and later. Affected products are FreeRDP librari...

CVE-2022-31001

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by define MATCHs, m strncmps, m, n = sizeofm - 1 == 0, which will make n...

Embedthis Software Appweb Embedthis HTTP Library Authentication Bypass Vulnerability

Embedthis Software AppWeb is a fast and small web server from Embedthis Software, USA, which is mainly used for embedded applications, devices and web services with support for security defense policies, digest authentication, virtual hosting, etc. HTTP library is one of the HTTP libraries. The...

Introducing RubySMB: The Protocol Library Nobody Else Wanted To Write

The Server Message Block SMB protocol family is arguably one of the most important network protocols to be conversant in as a security professional. It carries the capability for File and Print Sharing, remote process execution, and an entire system of Named Pipes that serve as access points to a...