CVE-2024-39226

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers b...

EUVD-2025-198693

Malicious code in @alaan/s2s-auth npm...

CVE-2024-39226

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers b...

CVE-2024-39226

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers b...

CVE-2022-43572 Indexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterprise

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk S2S or HTTP Event Collector HEC protocols to an indexer results in a blockage or denial-of-service preventing further indexing...

Splunk Enterprise 8.1.x < 8.1.5, 8.2.x < 8.2.1 Authentication Bypass

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders. Note that...

CVE-2021-31559

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders...

CVE-2021-31559 S2S TcpToken authentication bypass

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders...

[WP-H3] S2S Transfer from the origin schain to another schain with automatic deploy disabled can cause funds to be frozen

Lines of code Vulnerability details When moving tokens that are native on the origin schain, to another schain, TokenManagerERC20.soltransferToSchainERC20 will be called, which calls exit - receiveERC20: if isMainChainToken data = receiveERC20 chainHash, addresscontractOnSchain, msg.sender, amoun...

Debian DLA-407-1 : prosody security update

The flaw allows a malicious server to impersonate the vulnerable domain to any XMPP domain whose domain name includes the attacker's domain as a suffix. For example, 'bber.example' would be able to connect to 'jabber.example' and successfully impersonate any vulnerable server on the network. This...

[SECURITY] [DLA 407-1] prosody security update

Package : prosody Version : 0.7.0-1squeeze1+deb6u2 CVE ID : CVE-2016-0756 The flaw allows a malicious server to impersonate the vulnerable domain to any XMPP domain whose domain name includes the attackers domain as a suffix. For example, bber.example would be able to connect to jabber.example an...

DLA-407-1 prosody - security update

Bulletin has no description...

CVE-2012-3525

s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a 1 Verify Response or 2 Authorization Response...