22 matches found

SUSE CVE
added 2026/01/31 12:24 a.m. | 4 views

SUSE CVE-2026-25061

tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past...

7.5 CVSS | 6.3 AI score | 0.00517 EPSS
Exploits 1 | References 3
UbuntuCve
added 2026/01/29 10:15 p.m. | 2 views

CVE-2026-25061

tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past...

7.5 CVSS | 5.9 AI score | 0.00517 EPSS
Exploits 1 | References 2
EUVD
added 2026/01/29 9:42 p.m. | 5 views

EUVD-2026-4944

tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past...

6.9 CVSS | 6.3 AI score | 0.00517 EPSS
Exploits 1 | References 1
CVE
added 2026/01/29 9:42 p.m. | 26 views

CVE-2026-25061

tcpflow is affected by a TIM element handling bug in wifipcap: a crafted 802.11 frame with a large TIM length can cause a 1‑byte out‑of‑bounds write at tim.bitmap[251], due to a faulty length check. The overflow is on a stack‑allocated structure in handle_beacon; impact is DoS with potential (but...

7.5 CVSS | 6.3 AI score | 0.00517 EPSS
Exploits 1 | References 2 | Affected Software 1
Tenable Nessus
added 2026/01/22 12:0 a.m. | 6 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38157)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38157 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Abort software beacon...

7.8 CVSS | 5.3 AI score | 0.00158 EPSS
Exploits 0 | References 2
OSV
added 2026/01/20 8:9 a.m. | 9 views

CLSA-2026-1768110920 kernel: Fix of 16 CVEs

crypto: lzo - Fix compression buffer overrun CVE-2025-38068 - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work CVE-2025-39863 - NFSD: Protect against send buffer overflow in NFSv2 READ CVE-2022-43945 - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). CVE-2025-40186 - can:...

7.8 CVSS | 6 AI score | 0.21314 EPSS
Exploits 0 | References 1
SUSE CVE
added 2025/07/03 11:22 p.m. | 1 views

SUSE CVE-2025-38157

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Abort software beacon handling if disabled. A malicious USB device can send a WMI_SWBA_EVENTID event from an ath9k_htc-managed device before beaconing has been enabled. This causes a divide-by-zero error in the driver...

5.3 CVSS | 6.5 AI score | 0.00158 EPSS
Exploits 0 | References 23
OSV
added 2025/07/03 9:15 a.m. | 0 views

DEBIAN-CVE-2025-38157

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Abort software beacon handling if disabled. A malicious USB device can send a WMI_SWBA_EVENTID event from an ath9k_htc-managed device before beaconing has been enabled. This causes a divide-by-zero error in the driver...

7.8 CVSS | 5.7 AI score | 0.00158 EPSS
Exploits 0 | References 1
OSV
added 2025/07/03 9:15 a.m. | 3 views

AZL-64508 CVE-2025-38157 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Abort software beacon handling if disabled. A malicious USB device can send a WMI_SWBA_EVENTID event from an ath9k_htc-managed device before beaconing has been enabled. This causes a divide-by-zero error in the driver...

7.8 CVSS | 6.8 AI score | 0.00158 EPSS
Exploits 0 | References 1
NVD
added 2025/07/03 9:15 a.m. | 4 views

CVE-2025-38157

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Abort software beacon handling if disabled. A malicious USB device can send a WMI_SWBA_EVENTID event from an ath9k_htc-managed device before beaconing has been enabled. This causes a divide-by-zero error in the driver...

7.8 CVSS | 0.00158 EPSS
Exploits 0 | References 10
CVE
added 2025/07/03 8:35 a.m. | 74 views

CVE-2025-38157

Affected software: Linux kernel driver ath9k_htc (wifi). Issue: when an adversarial USB device emits WMI_SWBA_EVENTID before beaconing is enabled, ath9k_htc_swba() may trigger a divide-by-zero error causing a crash or out-of-bounds read. Root cause: improper handling of software beacon processing...

7.8 CVSS | 7.1 AI score | 0.00158 EPSS
Exploits 0 | References 10 | Affected Software 1
Cvelist
added 2025/07/03 8:35 a.m. | 6 views

CVE-2025-38157 wifi: ath9k_htc: Abort software beacon handling if disabled

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Abort software beacon handling if disabled. A malicious USB device can send a WMI_SWBA_EVENTID event from an ath9k_htc-managed device before beaconing has been enabled. This causes a divide-by-zero error in the driver...

0.00158 EPSS
Exploits 0 | References 8
Debian CVE
added 2025/07/03 8:35 a.m. | 3 views

CVE-2025-38157

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Abort software beacon handling if disabled. A malicious USB device can send a WMI_SWBA_EVENTID event from an ath9k_htc-managed device before beaconing has been enabled. This causes a divide-by-zero error in the driver...

7.8 CVSS | 5.7 AI score | 0.00158 EPSS
Exploits 0
OSV
added 2025/06/18 11:15 a.m. | 1 views

DEBIAN-CVE-2022-49942

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected When we are not connected to a channel, sending channel "switch" announcement doesn't make any sense. The BSS list is empty in that case. This causes the fo...

5.5 CVSS | 5.3 AI score | 0.00211 EPSS
Exploits 0 | References 1
SUSE CVE
added 2025/02/27 3:8 a.m. | 1 views

SUSE CVE-2022-49315

In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop. There is a deadlock in rtllib_beacons_stop, which is shown below: Thread 1 | Thread 2 | rtllib_send_beacon rtllib_beacons_stop | mod_timer spin_lock_irqsave //1 | wait a time...

5.5 CVSS | 7.8 AI score | 0.00189 EPSS
Exploits 0 | References 9
RedhatCVE
added 2024/05/22 8:56 a.m. | 13 views

CVE-2021-47396

In the Linux kernel, the following vulnerability has been resolved: mac80211-hwsim: fix late beacon hrtimer handling Thomas explained in https://lore.kernel.org/r/87mtoeb4hb.ffs@tglx that our handling of the hrtimer here is wrong: If the timer fires late e.g. due to vCPU scheduling, as reported b...

4.4 CVSS | 6.6 AI score | 0.00239 EPSS
Exploits 0 | References 4
Vulnrichment
added 2024/05/21 3:3 p.m. | 11 views

CVE-2021-47396 mac80211-hwsim: fix late beacon hrtimer handling

In the Linux kernel, the following vulnerability has been resolved: mac80211-hwsim: fix late beacon hrtimer handling Thomas explained in https://lore.kernel.org/r/87mtoeb4hb.ffs@tglx that our handling of the hrtimer here is wrong: If the timer fires late e.g. due to vCPU scheduling, as reported b...

6.8 AI score | 0.00239 EPSS
Exploits 0 | References 4
NVD
added 2024/02/15 5:15 a.m. | 9 views

CVE-2022-23088

The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code...

9.8 CVSS | 7.1 AI score | 0.0362 EPSS
Exploits 0 | References 1
Prion
added 2024/02/15 5:15 a.m. | 16 views

Heap overflow

The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code...

8.1 AI score | 0.0362 EPSS
Exploits 0 | References 1
Vulnrichment
added 2024/02/15 5:3 a.m. | 13 views

CVE-2022-23088 802.11 heap buffer overflow

The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code...

7.5 AI score | 0.0362 EPSS
Exploits 0 | References 1