45 matches found
CVE-2025-24531
In OpenSC pampkcs11 before 0.6.13, pamsmauthenticate wrongly returns PAMIGNORE in many error situations such as an error triggered by a smartcard before login, allowing authentication bypass...
EUVD-2022-5172
Malicious code in bioql PyPI...
EUVD-2021-28422
Malicious code in bioql PyPI...
CVE-2025-1445
A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing situations, when IEC61850 communication is active. Precondition is that IEC61850 as client or server are...
Linux Distros Unpatched Vulnerability : CVE-2025-21807
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - block: fix queue freeze vs limits lock order in sysfs store methods queueattrstore always freezes a device queue before calling the attribute store operation. F...
GO-2024-3250 Improper error handling in ParseWithClaims and bad documentation may cause dangerous situations in github.com/golang-jwt/jwt
Improper error handling in ParseWithClaims and bad documentation may cause dangerous situations in github.com/golang-jwt/jwt...
firefox: thunderbird: Cross origin video frame leak
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: Video frames could have been leaked between origins in some situations...
CVE-2024-51744 Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
firefox: thunderbird: Cross origin video frame leak
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: Video frames could have been leaked between origins in some situations...
CVE-2023-52910
In the Linux kernel, the following vulnerability has been resolved: iommu/iova: Fix alloc iova overflows issue In allocandinsertiovarange, there is an issue that retrypfn overflows. The value of iovad-anchor.pfnhi is 0UL, then when iovad-cachednode is iovad-anchor, curriova-pfnhi + 1 will overflo...
CVE-2021-47581
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2021-47581
...
RHEL 8 : expat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 - In libexpat through 2.4....
CVE-2023-52498 PM: sleep: Fix possible deadlocks in core system-wide PM code
In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Fix possible deadlocks in core system-wide PM code It is reported that in low-memory situations the system-wide resume core code deadlocks, because asyncscheduledev executes its argument function synchronously if it...
Security Operations (SecOps)
Understanding the Basics of Security Operations SecOps SecOps represents the blending of cybersecurity proficiency with operational domains, forming a powerful bulwark. Its primary mission lies in safeguarding the fundamental data assets and technological infrastructures of an organization. More...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : libssh vulnerabilities (USN-6592-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6592-1 advisory. It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possib...
Slackware Linux 14.2 / 15.0 / current libssh Multiple Vulnerabilities (SSA:2023-353-01)
The version of libssh installed on the remote host is prior to 0.10.6. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-353-01 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
Rocky Linux 9 : expat (RLSA-2023:0337)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0337 advisory. - In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory...
Lack of force resume support for LZ which is crucially important to have
Lines of code Vulnerability details Impact The User Application LZReceiver should implement the ILayerZeroUserApplicationConfig interface which includes the forceResumeReceive function. This is very important as in the worst case, it can allow the owner to unblock the queue of messages if somethi...
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...