11 matches found
ALPINE-CVE-2026-40460
When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address, allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
DEBIAN-CVE-2026-31659
In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers. batadv_tt_prepare_tvlv_global_data() builds the allocation length for a global TT response in 16-bit temporaries. When a remote originator advertises a large enough global TT, the ...
K000152786: NGINX ngx_mail_smtp_module vulnerability CVE-2025-53859
Security Advisory Description: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from a use-after-free vulnerability in the scsi:iscsi module...
MediaTek Chip Buffer Error Vulnerability
MediaTek chips are a variety of chips from MediaTek, a company owned by MediaTek of China. A buffer error vulnerability exists in the MediaTek chips, which stems from a lack of boundary checking in the CDMA PPP protocol module, which could result in out-of-bounds writes...
ALPINE-CVE-2022-32215
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS)...
httpd: memory corruption on early pushes
A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash...
ALPINE-CVE-2014-3230
The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable...
Brave Software: RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context
Summary: #395737 has shown that Brave supports chrome://brave/ URLs. The Brave team introduced a patch which blocks navigation to chrome://brave and removed chrome.remote.require to prevent command execution on the machine. Navigation to chrome://brave via shortcut files: From my understanding: 1...
Common Open Policy Service Protocol module buffer overflow vulnerability in multiple Huawei products
Huawei USG6300 is a firewall device. TE30 is an all-in-one HD videoconferencing endpoint device. Common Open Policy Service Protocol (COPS) is one of the Common Open Policy Service Protocol (COPS) modules...
SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 3433 / 3436 / 3445)
This update of the SUSE Linux Enterprise Server 11 SP1 kernel brings the kernel to 2.6.32.24 and fixes some critical security bugs and other non-security bugs. The following security bugs were fixed: - An iovec integer overflow in RDS sockets was fixed which could lead to local attackers gaining kern...