1278 matches found
CVE-2025-66398 Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restor...
Improper Control of Interaction Frequency
Overview: django-phone-verify is a Django app to support phone number verification using a security code sent via SMS. Affected versions of this package are vulnerable to Improper Control of Interaction Frequency due to the absence of failed attempt tracking and lockout mechanisms in the...
CVE-2022-50859
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message. Commit d5c7076b772a "smb3: add smb3.1.1 to default dialect list" extended the dialects from 3 to 4, but forgot to decrease the extended length when specifying the dialect,...
CVE-2025-15280
FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...
EUVD-2022-55839
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message. Commit d5c7076b772a "smb3: add smb3.1.1 to default dialect list" extended the dialects from 3 to 4, but forgot to decrease the extended length when specifying the dialect,...
CVE-2023-54300
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx. For the reasons also described in commit b383e8abed41 "wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg", ath9k_htc_rx_msg should validate pkt_len before accessing...
UBUNTU-CVE-2022-50859
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message. Commit d5c7076b772a "smb3: add smb3.1.1 to default dialect list" extended the dialects from 3 to 4, but forgot to decrease the extended length when specifying the dialect,...
CVE-2022-50859 cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message. Commit d5c7076b772a "smb3: add smb3.1.1 to default dialect list" extended the dialects from 3 to 4, but forgot to decrease the extended length when specifying the dialect,...
CVE-2022-50859
CVE-2022-50859 : Linux kernel CIFS: fix for the error length of VALIDATE_NEGOTIATE_INFO message. The fix shortens the message from 28 bytes to 26 bytes by correcting the extended-dialect length after adding smb3.1.1 to the default dialect list. Root cause: after extending the dialects from 3 to 4...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect length of the VALIDATE_NEGOTIATE_INFO message, which could lead to information disclosure...
PT-2025-53977
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's CIFS implementation related to the length of the VALIDATE_NEGOTIATE_INFO message. A commit extended the dialects from 3 to 4 but failed to adjust the...
PT-2025-53196
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A condition exists in the Linux kernel where a race between inotify freeing mark and inotify handle inode event can lead to the reporting of an event with an invalid watch descriptor wd ...
EUVD-2025-204876
Malicious code in rpc-validate npm...
Malicious Package
Overview: rpc-validate is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in rpc-validate (npm)
Source: amazon-inspector d6c08295788ac997e7566fad616096d89ea31e26771abbd32fb6d42f199875f2 The package rpc-validate was found to contain malicious code. Source: ghsa-malware 95f6f8651242afb77a3d28835bf912aacbfc4e3abbc3da2313fb6c3bd0c12ed1 A...
MAL-2025-192749 Malicious code in rpc-validate (npm)
Source: amazon-inspector d6c08295788ac997e7566fad616096d89ea31e26771abbd32fb6d42f199875f2 The package rpc-validate was found to contain malicious code. Source: ghsa-malware 95f6f8651242afb77a3d28835bf912aacbfc4e3abbc3da2313fb6c3bd0c12ed1 A...