6174 matches found

CVE
added 2026/04/03 3:15 p.m. | 11 views

CVE-2026-23447

The CVE-2026-23447 issue concerns the Linux kernel USB CDC NCM driver (cdc_ncm). The root cause is a bounds-check failure in handling NDP32 frames where the DPE array size is not correctly validated against the skb length due to neglecting ndpoffset, allowing out-of-bounds reads when an NDP32 sit...

CVSS 7.8 | AI score 5.7 | EPSS 0.00129
Exploits: 0 | References: 5 | Affected Software: 1
EUVD
added 2026/04/03 2:36 a.m. | 4 views

EUVD-2026-18931

Electron: USB device selection not validated against filtered device list...

CVSS 3.3 | AI score 5.9 | EPSS 0.00162
Exploits: 0 | References: 1
Github Security Blog
added 2026/04/03 2:36 a.m. | 4 views

Electron: USB device selection not validated against filtered device list

Impact: The select-usb-device event callback did not validate the chosen device ID against the filtered list that was presented to the handler. An app whose handler could be influenced to select a device ID outside the filtered set would grant access to a device that did not match the renderer's...

CVSS 5.4 | AI score 5.9 | EPSS 0.00162
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/04/03 12:0 a.m. | 2 views

PT-2026-29996

Impact: The select-usb-device event callback did not validate the chosen device ID against the filtered list that was presented to the handler. An app whose handler could be influenced to select a device ID outside the filtered set would grant access to a device that did not match the renderer's...

CVSS 3.3 | AI score 5.9 | EPSS 0.00162
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/03 12:0 a.m. | 1 views

PT-2026-30166

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the serial core related to handling transmission for unknown ports PORT UNKNOWN. Inconsistencies between uart write room and uart write when xmit buf ...

CVSS 5.5 | AI score 5.3 | EPSS 0.00121
Exploits: 0 | References: 16
RedhatCVE
added 2026/04/01 11:0 p.m. | 2 views

CVE-2026-1579

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

CVSS 9.8 | AI score 5.9 | EPSS 0.00926
Exploits: 0 | References: 1
OSV
added 2026/04/01 4:24 p.m. | 1 views

SUSE-SU-2026:20993-1 Security update for perl-XML-Parser

This update for perl-XML-Parser fixes the following issues: - CVE-2006-10002: heap buffer overflow in parsestream when processing UTF-8 input streams bsc1259901. - CVE-2006-10003: off-by-one heap buffer overflow in stserialstack bsc1259902...

CVSS 9.8 | AI score 6.1 | EPSS 0.00604
Exploits: 0 | References: 5
OSV
added 2026/04/01 4:23 p.m. | 2 views

OPENSUSE-SU-2026:20459-1 Security update for perl-XML-Parser

This update for perl-XML-Parser fixes the following issues: - CVE-2006-10002: heap buffer overflow in parsestream when processing UTF-8 input streams bsc1259901. - CVE-2006-10003: off-by-one heap buffer overflow in stserialstack bsc1259902...

CVSS 9.8 | AI score 6.2 | EPSS 0.00604
Exploits: 0 | References: 4
RedHat Linux
added 2026/04/01 9:8 a.m. | 3 views

freerdp: FreeRDP heap-use-after-free

A heap use after free flaw has been discovered in FreeRDP. A race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it...

CVSS 8.1 | AI score 5.7 | EPSS 0.00286
Exploits: 1 | References: 6
EUVD
added 2026/03/31 9:31 p.m. | 4 views

EUVD-2026-17614

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

CVSS 9.8 | AI score 5.9 | EPSS 0.00926
Exploits: 0 | References: 5
NVD
added 2026/03/31 9:16 p.m. | 5 views

CVE-2026-1579

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

CVSS 9.8 | EPSS 0.00926
Exploits: 0 | References: 4
Cvelist
added 2026/03/31 8:20 p.m. | 24 views

CVE-2026-1579 PX4 Autopilot Missing authentication for critical function

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

CVSS 9.8 | EPSS 0.00926
Exploits: 0 | References: 4
Vulnrichment
added 2026/03/31 8:20 p.m. | 2 views

CVE-2026-1579 PX4 Autopilot Missing authentication for critical function

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

CVSS 9.8 | AI score 5.9 | EPSS 0.00926
Exploits: 0 | References: 4
SUSE Linux
added 2026/03/31 8:40 a.m. | 3 views

Security update for perl-XML-Parser

This update for perl-XML-Parser fixes the following issues: CVE-2006-10002: heap buffer overflow in parsestream when processing UTF-8 input streams bsc1259901. CVE-2006-10003: off-by-one heap buffer overflow in stserialstack bsc1259902. Patch Instructions: To install this SUSE update use the SUSE...

CVSS 8.8 | AI score 6.1 | EPSS 0.00604
Exploits: 0 | References: 8
OSV
added 2026/03/31 8:40 a.m. | 0 views

SUSE-SU-2026:1153-1 Security update for perl-XML-Parser

This update for perl-XML-Parser fixes the following issues: - CVE-2006-10002: heap buffer overflow in parsestream when processing UTF-8 input streams bsc1259901. - CVE-2006-10003: off-by-one heap buffer overflow in stserialstack bsc1259902...

CVSS 9.8 | AI score 6.1 | EPSS 0.00604
Exploits: 0 | References: 5
SUSE Linux
added 2026/03/31 8:28 a.m. | 3 views

Security update for perl-XML-Parser

This update for perl-XML-Parser fixes the following issues: CVE-2006-10002: heap buffer overflow in parsestream when processing UTF-8 input streams bsc1259901. CVE-2006-10003: off-by-one heap buffer overflow in stserialstack bsc1259902. Patch Instructions: To install this SUSE update use the SUSE...

CVSS 8.8 | AI score 6 | EPSS 0.00604
Exploits: 0 | References: 8
CNNVD
added 2026/03/31 12:0 a.m. | 4 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 146.0.7680.178 contained a security vulnerability. This vulnerability stemmed from insufficient execution of the WebUSB policy, which could allow access to potentially sensitive information...

CVSS 6.5 | AI score 5.9 | EPSS 0.00189
Exploits: 0 | References: 3
OSV
added 2026/03/30 6:16 p.m. | 2 views

DEBIAN-CVE-2025-49010

OpenSC is a set of open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time a user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires a crafted USB device or smart card that wou...

CVSS 6.8 | AI score 5.1 | EPSS 0.0013
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/30 5:6 p.m. | 3 views

CVE-2025-66215

OpenSC is a set of open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time a user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires a crafted USB device or smart card that...

CVSS 3.8 | AI score 5.8 | EPSS 0.00159
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2026/03/30 4:59 p.m. | 12 views

CVE-2025-49010

OpenSC before version 0.27.0 is vulnerable to a stack-buffer-overflow write in GET RESPONSE when a crafted USB device or smart card presents specially crafted APDU responses. The attack requires physical access and user/administrator interaction with the token. A fix exists in OpenSC 0.27.0 and l...

CVSS 6.8 | AI score 5.8 | EPSS 0.0013
Exploits: 0 | References: 2 | Affected Software: 1