CVE-2025-38494

In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hidhwrawrequest hidhwrawrequest is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid...

CVE-2025-38494 HID: core: do not bypass hid_hw_raw_request

In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hidhwrawrequest hidhwrawrequest is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid...

CVE-2025-38494 HID: core: do not bypass hid_hw_raw_request

In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hidhwrawrequest hidhwrawrequest is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid...

Private Key Extraction

tiny-secp256k1 is vulnerable to private key extraction. The vulnerability is due to the ability to bypass Buffer.isBuffer checks when the global Buffer is overridden by the NPM buffer package, which allows an attacker to reuse the nonce k across different messages and extract the private key by...

Important: ghostscript

Issue Overview: PS interpreter - check the type of the Pattern Implementation NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707991 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8 NOTE:...

The vulnerabilities of the functions sniff_feed_or_html() and skip_insignificant_space() in the GNOME graphical interface library libsoup allow a attacker to cause a service failure.

The vulnerabilities of the functions snifffeedorhtml and skipinsignificantspace in the GNOME graphical interface library libsoup are related to the lack of checks for buffer size and reading beyond the memory boundaries. Exploiting these vulnerabilities could allow a remote attacker to cause a...

The vulnerability of the process_symtab() function in the eu-readelf component of the ELF file modification and analysis utility Elfutils, which allows a attacker to cause a service failure.

The vulnerability of the processsymtab function in the eu-readelf component of the ELF file modification and analysis tool Elfutils relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVE-2024-58016

CVE-2024-58016 (Linux kernel) fixes a safesetid vulnerability where syzbot could cause a kmalloc warning by writing an oversized buffer to a sysfs entry; the vulnerability arises from insufficient validation of write buffer sizes in handle_policy_update() and policy writes. The fix is to validate...

UBUNTU-CVE-2024-47775

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parseds64 function within gstwavparse.c. The parseds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multipl...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from an improperly restricted operation within a memory buffer boundary in HLOS...

CVE-2024-0162

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM...

SUSE CVE-2021-40812

The GD Graphics Library aka LibGD through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks...

PT-2022-4874 · Qualcomm · Qualcomm Embedded Platform +8

Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform versions affected versions not specified Description: The issue is related to a component of the Qualcomm embedded platform's video microcode, specifically a lack of buffer length checks and out-of-bounds memory rea...

Samsung SMR 缓冲区错误漏洞

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung cell phone applications. A security vulnerability exists in versions prior to Samsung SMR Oct-2021 Release 1, which stems from a lack of buffer boundary checking in setskbpriv of the modem interface...

Critical Security Bug Can Knock Smart Meters Offline

Critical security vulnerabilities in Schneider Electric smart meters could allow an attacker a path to remote code execution RCE, or to reboot the meter causing a denial-of-service DoS condition on the device. Schneider Electric’s PowerLogic ION/PM smart meter product line, like other smart meter...

OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136)

Vulnerability in the Java SE product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of th...

CVE-2020-14937

Memory access out of buffer boundaries issues was discovered in Contiki-NG 4.4 through 4.5, in the SNMP BER encoder/decoder. The length of provided input/output buffers is insufficiently verified during the encoding and decoding of data. This may lead to out-of-bounds buffer read or write access ...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests

The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...