12564 matches found
netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...
SUSE-SU-2026:20902-1 Security update for libsoup
This update for libsoup fixes the following issues: Update to libsoup 3.6.6: - CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion bsc1252555. - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy bsc1254876. - CVE-2025-32049:...
OPENSUSE-SU-2026:20384-1 Security update for libsoup
This update for libsoup fixes the following issues: Update to libsoup 3.6.6: - CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion bsc1252555. - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy bsc1254876. - CVE-2025-32049:...
EUVD-2026-12786
A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...
EUVD-2026-12787
A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack...
EUVD-2026-12789
A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...
Security update for gvfs
This update for gvfs fixes the following issues: CVE-2026-28295: Fix ftp use control connection address for PASV data bsc1258953. CVE-2026-28296: Fix ftp reject paths containing CR/LF characters bsc1258954. Patch Instructions: To install this SUSE update use the SUSE recommended installation...
CVE-2026-22320
A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...
CVE-2026-22318
A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack...
CVE-2026-22317
A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...
SUSE-SU-2026:0916-1 Security update for gvfs
This update for gvfs fixes the following issues: - CVE-2026-28295: fixed by using control connection address for PASV data bsc1258953. - CVE-2026-28296: fixed by rejecting paths containing CR/LF characters bsc1258954...
CVE-2026-22320 Stack-Based Buffer Overflow in TFTP File-Transfer Command Handling over CLI
A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...
CVE-2026-22320
A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...
CVE-2026-22320 Stack-Based Buffer Overflow in TFTP File-Transfer Command Handling over CLI
A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...
CVE-2026-22320
A stack-based buffer overflow in the CLI’s TFTP file-transfer command handling can be triggered by a low-privileged attacker with Telnet/SSH access by supplying an unexpected or oversized filename input. This memory corruption affects the internal buffer, rendering the CLI and web dashboard unava...
CVE-2026-22318
A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack...
CVE-2026-22318 Stack-Based Buffer Overflow in File Transfer Parameter Handling
A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack...
CVE-2026-22318 Stack-Based Buffer Overflow in File Transfer Parameter Handling
A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack...
CVE-2026-22318
CVE-2026-22318 describes a stack-based buffer overflow in the device’s file transfer parameter workflow. A high-privilege attacker can send oversized POST parameters, leading to memory corruption in an internal process and a DoS condition. The affected component is the file transfer parameter han...
CVE-2026-22317
A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...