Lucene search
K

203 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: media: s5pcec: limit msglen to CECMAXMSGSIZE I expect that the hardware will have limited this value to 16, but just in case it isn’t the case, check for this corner case...

5.5CVSS6.2AI score0.00203EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/06 12:30 p.m.9 views

EUVD-2026-27688

In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlmsearchrsbtree The len parameter in dlmdumprsbname is not validated and comes from network messages. When it exceeds DLMRESNAMEMAXLEN, it can cause out-of-bounds write in dlmsearchrsbtree. Add length...

6.1AI score0.00426EPSS
Exploits0References5
CVE
CVE
added 2026/05/06 11:27 a.m.35 views

CVE-2026-43125

CVE-2026-43125 affects the Linux kernel dlm module. The vulnerability stems from unvalidated length in dlm_dump_rsb_name() coming from network messages, allowing an out-of-bounds write in dlm_search_rsb_tree() when the length exceeds DLM_RESNAME_MAXLEN. This could enable denial of service and, in...

9.8CVSS6.1AI score0.00426EPSS
Exploits0References17Affected Software1
OSV
OSV
added 2026/05/04 10:15 a.m.38 views

ALPINE-CVE-2026-33846

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

7.5CVSS6.1AI score0.01263EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 10:15 a.m.22 views

CVE-2026-33846

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

7.5CVSS0.01263EPSS
Exploits0References19
Cvelist
Cvelist
added 2026/05/04 9:8 a.m.57 views

CVE-2026-33846 Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassembly

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

7.5CVSS0.01263EPSS
Exploits0References18
EUVD
EUVD
added 2026/05/04 9:8 a.m.7 views

EUVD-2026-26926

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

7.5CVSS6.1AI score0.01263EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/04 9:8 a.m.5 views

CVE-2026-33846

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

7.5CVSS6AI score0.01263EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.8 views

GnuTLS 安全漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. GnuTLS has a security vulnerability, which stems from the mergehandshakepacket function in the DTLS handshake reassembly logic not verifying the...

7.5CVSS5.9AI score0.01263EPSS
Exploits0References1
OSV
OSV
added 2026/04/22 12:4 a.m.9 views

OSV-2026-608 Stack-buffer-overflow in is_http

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504809218 Crash type: Stack-buffer-overflow READ Crash state: ishttp stungetmessagelenstr FuzzStunClient.c...

5.7AI score
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/03/26 8:3 a.m.5 views

can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message

...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/25 5:1 p.m.7 views

CVE-2026-23307

A flaw was found in the Linux kernel's emsusb module. This vulnerability occurs because the system does not properly verify the length of messages it receives. An attacker could exploit this weakness by sending specially crafted messages, potentially causing the system to crash Denial of Service...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/25 4:56 p.m.13 views

SUSE CVE-2026-23307

In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: check the proper length of a message When looking at the data in a USB urb, the actuallength is the size of the buffer passed to the driver, not the transferbufferlength which is set by the...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References16
NVD
NVD
added 2026/03/25 11:16 a.m.4 views

CVE-2026-23307

In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: check the proper length of a message When looking at the data in a USB urb, the actuallength is the size of the buffer passed to the driver, not the transferbufferlength which is set by the...

5.5CVSS0.00123EPSS
Exploits0References8
NVD
NVD
added 2026/03/25 11:16 a.m.6 views

CVE-2026-23298

In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucanreadbulkcallback, hanging the system. If the lengt...

5.5CVSS0.00123EPSS
Exploits0References8
CVE
CVE
added 2026/03/25 10:27 a.m.19 views

CVE-2026-23307

CVE-2026-23307 concerns the Linux kernel CAN/EMS USB code, where ems_usb_read_bulk_callback() failed to validate message lengths, reading beyond buffers because actual_length can exceed the expected transfer_buffer_length, risking overflow when parsing messages. The root cause is insufficient len...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/03/25 10:27 a.m.19 views

CVE-2026-23307 can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message

In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: check the proper length of a message When looking at the data in a USB urb, the actuallength is the size of the buffer passed to the driver, not the transferbufferlength which is set by the...

0.00123EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:26 a.m.4 views

CVE-2026-23298

In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucanreadbulkcallback, hanging the system. If the lengt...

5.6AI score0.00123EPSS
Exploits0References9Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/31 12:27 p.m.12 views

CVE-2022-50859

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATENEGOTIATEINFO message Commit d5c7076b772a "smb3: add smb3.1.1 to default dialect list" extend the dialects from 3 to 4, but forget to decrease the extended length when specific the dialect,...

5.5CVSS5.8AI score0.00206EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/12/31 12:26 a.m.5 views

SUSE CVE-2023-54314

In the Linux kernel, the following vulnerability has been resolved: media: af9005: Fix null-ptr-deref in af9005i2cxfer In af9005i2cxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally reach af9005i2cxfer. If...

5.5CVSS6.5AI score0.00165EPSS
Exploits0References17
Rows per page
Query Builder