1216 matches found
CVE-2025-38736
In the Linux kernel, the following vulnerability has been resolved: net: usb: asixdevices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception on MDIO bus initialization. The PHY address should be masked to 5 bits 0-31. Without this mask, invalid PHY...
UBUNTU-CVE-2025-38736
In the Linux kernel, the following vulnerability has been resolved: net: usb: asixdevices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception on MDIO bus initialization. The PHY address should be masked to 5 bits 0-31. Without this mask, invalid PHY...
CVE-2025-38736
Technical details about CVE-2025-38736 are not provided in the connected documents. The initial description notes a Linux kernel MDIO PHY address masking fix (mask with 0x1f) in net: usb: asix_devices to prevent OOB/invalid MDIO addresses. Connected advisories reference the CVE, but do not supply...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from the insn-n sample not being handled by the insnrwemulatebits function of the comedi module...
Linux Distros Unpatched Vulnerability : CVE-2024-34244
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbuswritebits function. This issue can be triggered when the function is fed with specially crafted...
PT-2025-49070
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16.0-syzkaller Description The Linux kernel had an uninitialized value issue within the hfs find set zero bits function, specifically related to the HFS filesystem. The issue was identified by syzbot and involv...
Linux Distros Unpatched Vulnerability : CVE-2006-4484
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the LWZReadByte function in ext/gd/libgd/gdgifin.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact...
CVE-2025-55398
An issue was discovered in mouse07410 asn1c thru 0.9.29 2025-03-20 - a fork of vlm asn1c. In UPER Unaligned Packed Encoding Rules, asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits in length, potentially allowing incorrect or malicious inp...
Linux Distros Unpatched Vulnerability : CVE-2017-15423
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512password b...
AZL-66491 CVE-2025-38556 affecting package kernel for versions less than 6.6.119.3-1
In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the s32ton function not being handled correctly when converting 0 bits, which could lead to a crash...
kernel: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
A vulnerability was found in the usbparseendpoint function in the Linux kernel's usb drivers, where improper handling of the reserved bits in an endpoint descriptor's bEndpointAddress field can lead to confusion in the endpointisduplicate routine in config.c. This will erroneously treat the same...
Linux Distros Unpatched Vulnerability : CVE-2025-38433
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: riscv: fix runtime constant support for nommu kernels the runtimefixup32 function does not...
DEBIAN-CVE-2025-38530
In the Linux kernel, the following vulnerability has been resolved: comedi: pcl812: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: if 1 options1 & board-irqbits However, it-optionsi is an unchecked int value from userspace, so the shift amount...
Malicious code in observed-bits (npm)
The package observed-bits was found to contain malicious code...
use-rtg (>=1.0.1 <=1.0.3) potentially affected by unknown CVE via observed-bits (=0.3.1)
observed-bits NPM version =0.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on observed-bits and may be impacted: - use-rtg =1.0.1, =1.0.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-28060...
MAL-2025-28060 Malicious code in observed-bits (npm)
The package observed-bits was found to contain malicious code...
PT-2025-32241 · Unknown · Thinbus-Srp-Npm
Name of the Vulnerable Software and Affected Versions: thinbus-srp-npm versions 2.0.0 and below Description: A protocol compliance bug exists in the Javascript Secure Remote Password implementation, specifically in the client's entropy generation. The client generates a fixed 252 bits of entropy...
PT-2025-37960
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A stack overrun issue was resolved in the Linux kernel related to KVM on RISC-V architectures when loading vlenb. A userspace load could potentially place up to 2048 bits into a stack...
The vulnerability of the insn_rw_emulate_bits() function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the insnrwemulatebits function in the Linux operating system is related to access to an uninitialized pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...