15 matches found
kernel: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for HTC_CTRL_RSVD_SVC and should not be...
kernel: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for HTC_CTRL_RSVD_SVC and should not be...
kernel: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for HTC_CTRL_RSVD_SVC and should not be...
EUVD-2014-8655
Malware in sbrugna...
EUVD-2022-4142
Malicious code in bioql PyPI...
EUVD-2024-34737
Malicious code in bioql PyPI...
SUSE CVE-2023-53185
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for HTC_CTRL_RSVD_SVC and should not be...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from failure to properly validate the target endpoint in a service connection response message, which could resul...
CVE-2025-0074
The CVE-2025-0074 issue affects Google Android’s sdp_discovery.cc (process_service_attr_rsp) where a use-after-free leads to remote code execution with network access and no user interaction. This is categorized as a critical RCE in Android 15 per the 2025-03-01 bulletin, with patch levels 2025-0...
PT-2023-28919 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 2.1.2 Description: The issue is caused by improper payload validation and an improper REST API response type. This allows an authenticated malicious actor to store malicious code into Chart's metadata. The co...
kernel: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for HTC_CTRL_RSVD_SVC and should not be...
Improper Certificate Validation in Apache CXF
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers...
Authentication flaw
On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and all versions of 16.0.x and 11.6.x, BIG-IP APM AD (Active Directory) authentication can be bypassed via a spoofed AS-REP (Kerberos Authentication Service Response) response sent over a hijacked KDC...
PT-2021-14656 · Jenkins · Jenkins Metrics Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins TICS Plugin versions 2020.3.0.6 and earlier Description: The issue results in a cross-site scripting (XSS) vulnerability, which is exploitable by attackers able to control TICS service response content. This occurs because the plugin do...
Spoofed Server Attacks
cxf-rt-rs-security-xml is vulnerable to server spoofing attacks. The attacks are possible because the XML security clients fail to validate whether the JAX-RS service response is signed or encrypted...