296 matches found
GHSA-H5RC-J5F5-3GCM russh is missing overflow checks during channel windows adjust
Summary The channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an internal state value. This can result in a integer overflow. If the Rus...
CVE-2025-38484 iio: backend: fix out-of-bound write
In the Linux kernel, the following vulnerability has been resolved: iio: backend: fix out-of-bound write The buffer is set to 80 character. If a caller write more characters, count is truncated to the max available space in "simplewritetobuffer". But afterwards a string terminator is written to t...
CVE-2025-38413 virtio-net: xsk: rx: fix the frame's length check
In the Linux kernel, the following vulnerability has been resolved: virtio-net: xsk: rx: fix the frame's length check When calling buftoxdp, the len argument is the frame data's length without virtio header's length vi-hdrlen. We check that len with xskpoolgetrxframesize + vi-hdrlen to ensure the...
CLSA-2025-1752246531 java-11-openjdk: Fix of 13 CVEs
Upgrade to openjdk-11.0.27+6. The following CVEs were fixed: - CVE-2025-30698: fix buffered image handling to avoid unauthorized access to accessible data - CVE-2025-30691: improve compiler transformations to avoid unauthorized access to accessible data - CVE-2024-21144: invalid header validation...
CVE-2025-38166
CVE-2025-38166 affects the Linux kernel’s BPF/KTLS path (sockmap) where bpf_exec_tx_verdict() can increase msg_pl->sg.size during cork handling, causing iov_iter_revert to miscalculate and potentially panic. The patch adjusts rollback logic to accommodate size changes and relies on zero-copy p...
USN-7582-2 samba regression
USN-7582-1 fixed vulnerabilities in Samba. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker...
Ubuntu: Security Advisory (USN-7582-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-53015
Memory corruption while processing IOCTL command to handle buffers associated with a session...
CVE-2022-22532
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the...
CVE-2019-1488
A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'...
CVE-2024-52880
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver,...
Moderate: Red Hat Security Advisory: Satellite 6 Client Bug Fix Update
Updated Satellite Client packages that fix several bugs are now available for Red Hat Satellite. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2022-49891 tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()
In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix memory leak in testgenkprobe/kretprobecmd testgenkprobecmd only free buf in fail path, hence buf will leak when there is no failure. Move kfreebuf from fail path to common path to prevent the memleak. The sam...
CVE-2025-23151
CVE-2025-23151 concerns a race in the Linux kernel’s bus: mhi: host path. A client driver quiesces via mhi_unprepare_from_transfer() while data may still be processed, potentially causing a call to mhi_queue_buf() that triggers mhi_gen_tre(). If mhi_gen_tre() runs after the channel teardown, an i...
The vulnerability of the SNMP protocol implementation in Cisco IOS and IOS XE operating systems allows a intruder to trigger a service failure.
The vulnerability of the SNMP protocol implementation in Cisco IOS and IOS XE operating systems is related to access to the buffer with an incorrect length value. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
CVE-2025-40364 io_uring: fix io_req_prep_async with provided buffers
In the Linux kernel, the following vulnerability has been resolved: iouring: fix ioreqprepasync with provided buffers ioreqprepasync can import provided buffers, commit the ring state by giving up on that before, it'll be reimported later if needed...
CVE-2025-40364 io_uring: fix io_req_prep_async with provided buffers
In the Linux kernel, the following vulnerability has been resolved: iouring: fix ioreqprepasync with provided buffers ioreqprepasync can import provided buffers, commit the ring state by giving up on that before, it'll be reimported later if needed...
Linux Distros Unpatched Vulnerability : CVE-2024-42083
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic due to multi- buffer handling Currently, the ionicrunxdp doesn't...
CVE-2022-49583 iavf: Fix handling of dummy receive descriptors
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix handling of dummy receive descriptors Fix memory leak caused by not handling dummy receive descriptor properly. iavfgetrxbuffer now sets the rxbuffer return value for dummy receive descriptors. Without this patch, when...
CVE-2023-52926 io_uring/rw: split io_read() into a helper
In the Linux kernel, the following vulnerability has been resolved: IORINGOPREAD did not correctly consume the provided buffer list when read i/o returned 0 except for -EAGAIN and -EIOCBQUEUED return. This can lead to a potential use-after-free when the completion via iorwdone runs at separate...