137 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-38571
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over...
SUSE CVE-2025-38566
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tlsalertrecv due to its assumption it can read data from the msg iterator's kvec.. kTLS implementation splits TLS non-da...
SUSE CVE-2025-38571
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tlsalertrecv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the...
CVE-2025-38571
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tlsalertrecv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the...
CVE-2025-38566
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tlsalertrecv due to its assumption it can read data from the msg iterator's kvec.. kTLS implementation splits TLS non-da...
AZL-66467 CVE-2025-38571 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tlsalertrecv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the...
UBUNTU-CVE-2025-38571
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tlsalertrecv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the...
CVE-2025-38571 sunrpc: fix client side handling of tls alerts
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tlsalertrecv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the...
CVE-2025-38571
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tlsalertrecv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the...
CVE-2025-38571
The CVE-2025-38571 entry documents a Linux kernel flaw in sunrpc client-side handling of TLS alerts within NFS over TLS. The vulnerability stems from a misassumption that valid data resides in the msghdr iterator’s kvec, which could be exploited by TLS alert handling. The recommended fix reworks ...
CVE-2025-38566
CVE-2025-38566 affects the Linux kernel sunrpc tls alert handling in NFS over TLS. The root cause is the kTLS/read path interaction with TLS control messages and TLS alert payloads, where mis-splitting control message data can lead to incorrect processing and potential exploitation. The connected...
Linux Distros Unpatched Vulnerability : CVE-2021-20322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in the processing of received ICMP errors ICMP fragment needed and ICMP redirect in the Linux kernel functionality was found to allow the ability to...
Linux Distros Unpatched Vulnerability : CVE-2023-52577
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: dccp: fix dccpv4err/dccpv6err again dh-dccphx is the 9th byte offset 8 in struct dccphdr, no...
PT-2025-33765
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A security issue was identified in the Linux kernel related to the handling of server-side TLS alerts within the sunrpc component. The tls alert recv function incorrectly assumed it...
TencentOS Server 2: bind (TSSA-2023:0246)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0246 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
CVE-2023-33044
Transient DOS in Data modem while handling TLB control messages from the Network...
CVE-2020-11157
u'Lack of handling unexpected control messages while encryption was in progress can terminate the connection and thus leading to a DoS' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...
CVE-2020-27220
The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configure...
SUSE SLES15 Security Update : openvpn (SUSE-SU-2025:1131-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1131-1 advisory. - CVE-2024-5594: Fixed incorrect handling of null bytes and invalid characters in control messages bsc1235147 Tenable has extracted the...
Security update for openvpn
This update for openvpn fixes the following issues: CVE-2024-5594: Fixed incorrect handling of null bytes and invalid characters in control messages bsc1235147 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...