Lucene search
K

296 matches found

OSV
OSV
added 2025/08/04 8:28 p.m.18 views

GHSA-H5RC-J5F5-3GCM russh is missing overflow checks during channel windows adjust

Summary The channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an internal state value. This can result in a integer overflow. If the Rus...

6.5CVSS6.6AI score0.00386EPSS
Exploits1References4
OSV
OSV
added 2025/07/28 11:21 a.m.4 views

CVE-2025-38484 iio: backend: fix out-of-bound write

In the Linux kernel, the following vulnerability has been resolved: iio: backend: fix out-of-bound write The buffer is set to 80 character. If a caller write more characters, count is truncated to the max available space in "simplewritetobuffer". But afterwards a string terminator is written to t...

7.8CVSS6.2AI score0.00153EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/07/25 1:20 p.m.7 views

CVE-2025-38413 virtio-net: xsk: rx: fix the frame's length check

In the Linux kernel, the following vulnerability has been resolved: virtio-net: xsk: rx: fix the frame's length check When calling buftoxdp, the len argument is the frame data's length without virtio header's length vi-hdrlen. We check that len with xskpoolgetrxframesize + vi-hdrlen to ensure the...

0.00154EPSS
Exploits0References3
OSV
OSV
added 2025/07/11 3:8 p.m.8 views

CLSA-2025-1752246531 java-11-openjdk: Fix of 13 CVEs

Upgrade to openjdk-11.0.27+6. The following CVEs were fixed: - CVE-2025-30698: fix buffered image handling to avoid unauthorized access to accessible data - CVE-2025-30691: improve compiler transformations to avoid unauthorized access to accessible data - CVE-2024-21144: invalid header validation...

7.4CVSS6.8AI score0.01257EPSS
Exploits0References1
CVE
CVE
added 2025/07/03 8:36 a.m.86 views

CVE-2025-38166

CVE-2025-38166 affects the Linux kernel’s BPF/KTLS path (sockmap) where bpf_exec_tx_verdict() can increase msg_pl->sg.size during cork handling, causing iov_iter_revert to miscalculate and potentially panic. The patch adjusts rollback logic to accommodate size changes and relies on zero-copy p...

5.5CVSS7AI score0.00147EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/06/30 8:10 a.m.5 views

USN-7582-2 samba regression

USN-7582-1 fixed vulnerabilities in Samba. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker...

6AI score
Exploits0References2
OpenVAS
OpenVAS
added 2025/06/20 12:0 a.m.2 views

Ubuntu: Security Advisory (USN-7582-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.5AI score0.62015EPSS
Exploits1References2
NVD
NVD
added 2025/06/03 6:15 a.m.24 views

CVE-2024-53015

Memory corruption while processing IOCTL command to handle buffers associated with a session...

6.6CVSS0.0008EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:26 p.m.12 views

CVE-2022-22532

In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the...

9.8CVSS7.2AI score0.02372EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:15 a.m.9 views

CVE-2019-1488

A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'...

3.3CVSS6.7AI score0.00803EPSS
Exploits0References1
NVD
NVD
added 2025/05/15 4:15 p.m.11 views

CVE-2024-52880

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver,...

7.9CVSS0.00158EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/05/14 5:51 p.m.8 views

Moderate: Red Hat Security Advisory: Satellite 6 Client Bug Fix Update

Updated Satellite Client packages that fix several bugs are now available for Red Hat Satellite. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

6.5CVSS7AI score0.00647EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/05/01 2:10 p.m.13 views

CVE-2022-49891 tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()

In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix memory leak in testgenkprobe/kretprobecmd testgenkprobecmd only free buf in fail path, hence buf will leak when there is no failure. Move kfreebuf from fail path to common path to prevent the memleak. The sam...

0.00165EPSS
Exploits0References4
CVE
CVE
added 2025/05/01 12:55 p.m.129 views

CVE-2025-23151

CVE-2025-23151 concerns a race in the Linux kernel’s bus: mhi: host path. A client driver quiesces via mhi_unprepare_from_transfer() while data may still be processed, potentially causing a call to mhi_queue_buf() that triggers mhi_gen_tre(). If mhi_gen_tre() runs after the channel teardown, an i...

4.7CVSS6.5AI score0.00119EPSS
Exploits0References8Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/04/28 12:0 a.m.11 views

The vulnerability of the SNMP protocol implementation in Cisco IOS and IOS XE operating systems allows a intruder to trigger a service failure.

The vulnerability of the SNMP protocol implementation in Cisco IOS and IOS XE operating systems is related to access to the buffer with an incorrect length value. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

7.7CVSS7.8AI score0.00736EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/04/18 1:50 p.m.18 views

CVE-2025-40364 io_uring: fix io_req_prep_async with provided buffers

In the Linux kernel, the following vulnerability has been resolved: iouring: fix ioreqprepasync with provided buffers ioreqprepasync can import provided buffers, commit the ring state by giving up on that before, it'll be reimported later if needed...

0.00247EPSS
Exploits0References7
OSV
OSV
added 2025/04/18 1:50 p.m.6 views

CVE-2025-40364 io_uring: fix io_req_prep_async with provided buffers

In the Linux kernel, the following vulnerability has been resolved: iouring: fix ioreqprepasync with provided buffers ioreqprepasync can import provided buffers, commit the ring state by giving up on that before, it'll be reimported later if needed...

7.8CVSS5.7AI score0.00247EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2024-42083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic due to multi- buffer handling Currently, the ionicrunxdp doesn't...

5.5CVSS6.1AI score0.0021EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/26 2:23 a.m.5 views

CVE-2022-49583 iavf: Fix handling of dummy receive descriptors

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix handling of dummy receive descriptors Fix memory leak caused by not handling dummy receive descriptor properly. iavfgetrxbuffer now sets the rxbuffer return value for dummy receive descriptors. Without this patch, when...

6.3AI score0.00252EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/02/24 9:1 a.m.13 views

CVE-2023-52926 io_uring/rw: split io_read() into a helper

In the Linux kernel, the following vulnerability has been resolved: IORINGOPREAD did not correctly consume the provided buffer list when read i/o returned 0 except for -EAGAIN and -EIOCBQUEUED return. This can lead to a potential use-after-free when the completion via iorwdone runs at separate...

0.00228EPSS
Exploits0References3
Rows per page
Query Builder