19 matches found
PT-2026-42829
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The NewNTUnicodeString function does not check for string length overflow. When provided with a string that exceeds the maximum size of a NTUnicodeString a 16-bi...
CLSA-2026-1777322146 jq: Fix of CVE-2026-32316
CVE-2026-32316: fix heap buffer overflow in jvpstringappend and jvpstringcopyreplacebad caused by uint32t overflow in size calculations for strings exceeding INTMAX bytes...
kernel: HID: core: Harden s32ton() against conversion to 0 bits
In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should...
kernel: HID: core: Harden s32ton() against conversion to 0 bits
In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should...
kernel: HID: core: Harden s32ton() against conversion to 0 bits
In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should...
kernel: HID: core: Harden s32ton() against conversion to 0 bits
In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should...
CVE-2025-39815 RISC-V: KVM: fix stack overrun when loading vlenb
In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: fix stack overrun when loading vlenb The userspace load can put up to 2048 bits into an xlen bit stack buffer. We want only xlen bits, so check the size beforehand...
Linux Distros Unpatched Vulnerability : CVE-2019-6488
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The string component in the GNU C Library aka glibc or libc6 through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register f...
wolfTPM 安全漏洞
wolfTPM is a highly portable TPM library open-sourced by wolfSSL. A security vulnerability exists in wolfTPM, which stems from the fact that exporting an RSA key larger than 2048 bits may result in a stack buffer overflow...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: A potential out-of-bounds memory access occurred in nilfsfindentry. Syzbot reported that when searching records in a directory where the isize of an inode is corrupted and has a large value, memory access outside the...
SUSE CVE-2024-57899
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix mbss changed flags corruption on 32 bit systems On 32-bit systems, the size of an unsigned long is 4 bytes, while a u64 is 8 bytes. Therefore, when using oreachsetbitbit, &bits, sizeofchanged BITSPERBYTE, the...
AZL-68576 CVE-2024-57899 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix mbss changed flags corruption on 32 bit systems On 32-bit systems, the size of an unsigned long is 4 bytes, while a u64 is 8 bytes. Therefore, when using oreachsetbitbit, &bits, sizeofchanged BITSPERBYTE, the...
DEBIAN-CVE-2024-57899
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix mbss changed flags corruption on 32 bit systems On 32-bit systems, the size of an unsigned long is 4 bytes, while a u64 is 8 bytes. Therefore, when using oreachsetbitbit, &bits, sizeofchanged BITSPERBYTE, the...
PT-2025-3624
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74 Description The issue is related to the wifi mac80211 component in the Linux kernel, where the size of an unsigned long is 4 bytes on 32-bit systems, while a u64 is 8 bytes. This leads to incorrect bit...
bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)
A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS1 1.5 and OAEP decryption process a.k.a. Marvin Attack. An attacker can recover cipher-texts via a side-channe...
AZL-27812 CVE-2023-29409 affecting package golang for versions less than 1.20.7-1
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...
PT-2021-24228 · Gpac · Gpac
Name of the Vulnerable Software and Affected Versions: Gpac version 1.0.1 Description: An infinite loop issue exists in the gf get bit size function of Gpac. Recommendations: For Gpac version 1.0.1, consider disabling the gf get bit size function as a temporary workaround until a patch is...
DEBIAN-CVE-2018-14618
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curlntlmcoremknthash multiplies the length of the password by two SUM to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently...
CVE-2011-3489
RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service crash via a crafted rna packet with a long string to TCP port 4446 that triggers 1 "a memset zero overflow" or 2 an out-of-bounds read, related to improper handling of ...