21 matches found

The Hacker News
added 2026/05/12 11:46 a.m. · 14 views

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to inclu...

CVSS 9.6 · AI score 6 · EPSS 0.17051
Exploits 3

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2014-0700

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.00702
Exploits 0 · References 8

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2007-4252

Malware in sbrugna...

CVSS 7.2 · AI score 6.3 · EPSS 0.00114
Exploits 1 · References 10

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 2 views

Malicious code in @augloop/session-protocol (npm)

The package @augloop/session-protocol was found to contain malicious code...

AI score 7
Exploits 0

OSV
added 2025/08/14 6:52 p.m. · 0 views

MAL-2025-7096 Malicious code in @augloop/session-protocol (npm)

The package @augloop/session-protocol was found to contain malicious code...

AI score 7.2
Exploits 0

RedhatCVE
added 2025/02/05 2:55 a.m. · 2 views

CVE-2024-6974

Cato Networks Windows SDP Client Local Privilege Escalation via self-upgrade. This issue affects SDP Client: before 5.10.34...

CVSS 8.8 · AI score 7 · EPSS 0.00059
Exploits 1 · References 1

OSV
added 2024/08/21 5:15 p.m. · 1 views

CVE-2024-20375

A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected devic...

CVSS 7.5 · AI score 5.8 · EPSS 0.00964
Exploits 0 · References 1

Positive Technologies
added 2024/07/02 12:0 a.m. · 1 views

PT-2024-18808 · Unknown · Dar Service

Name of the Vulnerable Software and Affected Versions: Dar service versions prior to SMR Jul-2024 Release 1 Description: The issue is related to improper access control in the Dar service, allowing local attackers to bypass restrictions for calling SDP features. Recommendations: For versions prio...

CVSS 7.7 · AI score 7.1 · EPSS 0.00011
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:59 a.m. · 3 views

SUSE CVE-2016-6512

epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors...

CVSS 5.9 · AI score 7.5 · EPSS 0.02502
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 4:53 a.m. · 2 views

SUSE CVE-2016-10326

In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str function defined in osipparser2/osip_body.c, resulting in a remote DoS...

CVSS 7.5 · AI score 7.5 · EPSS 0.00274
Exploits 0 · References 6

OSV
added 2017/03/04 3:59 a.m. · 1 views

DEBIAN-CVE-2017-6471

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length...

CVSS 7.5 · AI score 7.8 · EPSS 0.007
Exploits 0 · References 1

OSV
added 2017/03/04 3:59 a.m. · 1 views

ALPINE-CVE-2017-6471

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length...

CVSS 7.5 · AI score 7.1 · EPSS 0.007
Exploits 0 · References 1

OSV
added 2016/08/06 11:59 p.m. · 2 views

DEBIAN-CVE-2016-6506

epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet...

CVSS 5.9 · AI score 7.1 · EPSS 0.00172
Exploits 0 · References 1

OSV
added 2016/04/11 3:59 p.m. · 0 views

DEBIAN-CVE-2016-2385

Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet...

CVSS 9.8 · AI score 8.4 · EPSS 0.225
Exploits 4 · References 1

Cisco
added 2014/01/22 7:10 p.m. · 40 views

Cisco ASR 5000 Series Gateway GPRS Support Node Traffic Bypass Vulnerability

A vulnerability in the Wireless Session Protocol (WSP) function of Cisco ASR 5000 Series Gateway GPRS Support Node (GGSN) could allow an unauthenticated, remote attacker to browse free of charge instead of being redirected to a Top-Up portal. The vulnerability is due to incorrect processing of certai...

CVSS 5 · AI score 6.5 · EPSS 0.00702
Exploits 0 · References 1

NVD
added 2014/01/22 5:22 a.m. · 8 views

CVE-2014-0669

The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions via unspecified WSP packets, aka Bug ID CSCuh28371...

CVSS 5 · AI score 6.8 · EPSS 0.00702
Exploits 0 · References 7

CVE
added 2014/01/22 2:0 a.m. · 51 views

CVE-2014-0669

Cisco ASR 5000 Series Gateway GPRS Support Node (GGSN) vulnerability: the Wireless Session Protocol (WSP) mis-processes certain WSP packets, allowing an unauthenticated, remote attacker to bypass Top‑Up payment restrictions (browse without charging). Root cause: incorrect handling of WSP packets....

CVSS 5 · AI score 7 · EPSS 0.00702
Exploits 0 · References 7 · Affected Software 1

OSV
added 2008/01/16 10:0 p.m. · 1 views

DEBIAN-CVE-2008-0295

Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data...

CVSS 8.5 · AI score 7.8 · EPSS 0.32938
Exploits 0 · References 1

Prion
added 2007/11/15 1:46 a.m. · 16 views

Integer overflow

Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow...

CVSS 7.2 · AI score 7.5 · EPSS 0.00114
Exploits 1 · References 9 · Affected Software 2

NVD
added 2007/11/15 1:46 a.m. · 13 views

CVE-2007-4269

Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow...

CVSS 7.2 · AI score 7.1 · EPSS 0.00114
Exploits 1 · References 9