33 matches found
CVE-2026-31196
The traceroute diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters usi...
EUVD-2026-27337
The traceroute diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters usi...
CVE-2026-31195
The ping diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using she...
PT-2026-37057
Name of the Vulnerable Software and Affected Versions ALTICE LABS / SFR France GR140DG affected versions not specified ALTICE LABS / SFR France GR140IG affected versions not specified Description The ping diagnostic handler in the '/bin/httpd clientside' endpoint allows authenticated remote...
Azure Linux 3.0 Security Update: kernel (CVE-2025-23159)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23159 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle...
EUVD-2014-1675
Malware in sbrugna...
SUSE CVE-2025-23159
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle OOB in sfr region sfr-bufsize is in shared memory and can be modified by malicious user. OOB write is possible when the size is made higher than actual sfr data buffer. Cap the size to...
UBUNTU-CVE-2025-23159
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle OOB in sfr region sfr-bufsize is in shared memory and can be modified by malicious user. OOB write is possible when the size is made higher than actual sfr data buffer. Cap the size to...
CVE-2025-23159
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle OOB in sfr region sfr-bufsize is in shared memory and can be modified by malicious user. OOB write is possible when the size is made higher than actual sfr data buffer. Cap the size to...
PT-2025-18413
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue is related to the media: venus: hfi component, where a check has been added to handle out-of-bounds OOB writes in the sfr...
Design/Logic Flaw
RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issu...
CVE-2023-24826 Usage of Uninitialized Timer during forwarding of Fragments with SFR
RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issu...
CVE-2023-24826 Usage of Uninitialized Timer during forwarding of Fragments with SFR
RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issu...
Cisco ASA-X With FirePOWER Services Authenticated Command Injection Exploit
This Metasploit module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services SFR module's Linux virtual machine as the root user. Access to the virtual...
Cisco ASA-X with FirePOWER Services Authenticated Command Injection
This module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services SFR module's Linux virtual machine as the root user. Access to the virtual machine...
persodumobile.services.sfr.fr Cross Site Scripting vulnerability OBB-2145264
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
persodumobile.services.sfr.fr Cross Site Scripting vulnerability OBB-2131868
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
portail-junior.cp.m.sfr.fr Cross Site Scripting vulnerability OBB-2126014
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
hotspot.wifi.sfr.fr XSS vulnerability
Vulnerable URL: https://hotspot.wifi.sfr.fr/indexEncryptingChilli.php?res=smartclient= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 02.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| ...
sfr.fr XSS vulnerability
Vulnerable URL: https://www.sfr.fr/recherche/?perimetre=gsa=test" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 09.09.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1094 VIP website status:| Yes Check sfr.fr SSL connection:| Grade: ...