1419 matches found
EUVD-2026-45677
In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: check URB actuallength for interrupt-IN notifications USBTMC devices can use an optional interrupt endpoint for notification messages. These typically contain two-byte headers indicating the payload format, but the...
CVE-2026-63886
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Validate CHAPR length before base64 decode chapservercomputehash allocates clientdigest as kzallocchap-digestsize and then, for BASE64-encoded responses, passes chapr directly to chapbase64decode without...
CVE-2026-64083 hwmon: (pmbus/adm1266) reject short block-read responses in the GPIO accessors
In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/adm1266 reject short block-read responses in the GPIO accessors adm1266gpioget and adm1266gpiogetmultiple both compose the pin-status word as pinsstatus = readbuf0 + readbuf1 8; right after i2csmbusreadblockdata,...
EUVD-2026-45569
In the Linux kernel, the following vulnerability has been resolved: ethtool: cmis: require exact CDB reply length Malicious SFP module could respond with rpllen longer than what cmiscdbprocessreply expected, leading to OOB writes. Malicious HW is a bit theoretical but some modules may just be bug...
CVE-2026-63985
CVE-2026-63985 relates to the Linux kernel ethtool eeprom Netlink fallback path. The vulnerability stems from missing validation that the read offset plus length stays within the EEPROM length in the Netlink fallback (fallback_set_params()), unlike the ioctl path (ethtool_get_any_eeprom()) which ...
websocket-driver: Resource limit bypass via message compression
Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...
SUSE SLES15 Security Update : kernel (Live Patch 49 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:2932-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2932-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.197 fixes various security issues The following security issues were fixed: ...
JLSEC-2026-749 HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted...
HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...
JLSEC-2026-694 OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer...
OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...
CVE-2026-10672 Unterminated URI buffer causes out-of-bounds read in LwM2M firmware pull (Package URI)
subsys/net/lib/lwm2m/lwm2mpullcontext.c copied the firmware-update Package URI into a fixed static buffer context.uri, size CONFIGLWM2MSWMGMTPACKAGEURILEN, default 128 with memcpycontext.uri, uri, LWM2MPACKAGEURILEN, copying exactly the destination size with no length validation. The...
Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.34 fixes various security issues The following security issues were fixed: CVE-2026-23393: bridge: cfm: Fix race condition in peermep deletion bsc1260524. CVE-2026-31505: iavf: fix out-of-bounds writes in iavfgetethtoolstats...
SUSE-SU-2026:2945-1 Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.34 fixes various security issues The following security issues were fixed: - CVE-2026-23393: bridge: cfm: Fix race condition in peermep deletion bsc1260524. - CVE-2026-31505: iavf: fix out-of-bounds writes in iavfgetethtoolstats...
CVE-2026-10665
In Zephyr's WireGuard subsystem subsys/net/lib/wireguard, wgprocessdatamessage in wgcrypto.c linearizes an inbound transport-data payload into a fixed pool buffer of CONFIGWIREGUARDBUFLEN bytes before decryption. The call netbuflinearizebuf-data, datalen, pkt-buffer, ..., datalen passed the...
CVE-2026-10665 Heap buffer overflow on WireGuard receive path via unbounded incoming packet length
In Zephyr's WireGuard subsystem subsys/net/lib/wireguard, wgprocessdatamessage in wgcrypto.c linearizes an inbound transport-data payload into a fixed pool buffer of CONFIGWIREGUARDBUFLEN bytes before decryption. The call netbuflinearizebuf-data, datalen, pkt-buffer, ..., datalen passed the...
CVE-2026-50721
Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS 1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...
CVE-2026-50721
CVE-2026-50721 concerns Libreswan where the function RSA_authenticate_hash_signature_raw_rsa() does not properly verify the authentication hash length when the SIG payload of an IKEv1 packet is encoded using PKCS#1 RSA Encryption per RFC 2313. This enables a remote attacker to leverage a Bleichen...
SUSE CVE-2026-53074
In the Linux kernel, the following vulnerability has been resolved: bpf: reject short IPv4/IPv6 inputs in bpfprogtestrunskb bpfprogtestrunskb calls ethtypetrans first and then uses skb-protocol to initialize sk family and address fields for the test run. For IPv4 and IPv6 packets, it may access...
SUSE-SU-2026:2697-1 Security update for opensc
This update for opensc fixes the following issues - CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses bsc1261214. - CVE-2025-66037: crafted input can cause an out-of-bounds read bsc1261218. - CVE-2025-66038: improper compact-TLV length validation can lead to cra...
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw
A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and includin...
EUVD-2026-39565
HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...