64 matches found
[SECURITY] [DSA 6367-1] dnsdist security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6367-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 25, 2026 https://www.debian.org/security/faq -...
CVE-2026-42082
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command,...
CVE-2026-42082 free5GC: Missing Concurrent NAS SMC Validation During NGAP Handover
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command,...
EUVD-2026-32556
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command,...
CVE-2026-42082
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command,...
PT-2026-39668
Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.10.0 Description Ella Core fails to enforce security rules regarding the concurrent execution of security procedures. Specifically, the system may send a NAS Security Mode Command while an N2 handover is still...
DotNetNuke.Core security code analysis rules triggered
The codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351. Most of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices...
ARuleCon: Agentic Security Rule Conversion
Security Information and Event Management SIEM systems make it possible for detecting intrusion anomalies in real-time manner by their applied security rules. However, the heterogeneity of vendor-specific rules e.g., Splunk SPL, Microsoft KQL, IBM AQL, Google YARA-L, and RSA ESA makes...
EUVD-2019-13933
Malware in sbrugna...
EUVD-2021-21404
Malware in sbrugna...
CVE-2019-4326
"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."...
GHSA-FF77-26X5-69CR Apache Tomcat Rewrite rule bypass
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...
WAF Bypass
github.com/corazawaf/coraza is vulnerable to WAF Bypass. The vulnerability is due to improper URI normalization or incorrect parsing of request URIs that start with //, allows an attacker to bypass security rules and potentially evade WAF protections, leading to an incorrect REQUESTFILENAME value...
Authorization Bypass of Static Resources in WebFlux Applications
Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true:...
PT-2024-41084 · Iptables · Iptables
Name of the Vulnerable Software and Affected Versions: iptables affected versions not specified Description: The issue is related to insecure privilege management in the iptables utility for configuring and managing packet filtering rules in the Linux operating system. Exploitation of this issue...
ALPINE-CVE-2023-49298
OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but c...
DEBIAN-CVE-2023-49298
OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but c...
UBUNTU-CVE-2023-49298
OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but c...
PT-2023-31158 · Unknown +3 · Gnu Core Utilities +3
Name of the Vulnerable Software and Affected Versions: OpenZFS versions 2.1.13 and earlier OpenZFS versions 2.2.x through 2.2.1 Description: The issue is related to the replacement of file contents with zero-valued bytes, potentially disabling security mechanisms in certain scenarios involving...
CVE-2023-20215
A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious...