785 matches found
PT-2026-57567
Name of the Vulnerable Software and Affected Versions Zephyr version 4.4.0 Description An out-of-bounds write exists in the WireGuard subsystem within the wg process data message function located in wg crypto.c. The issue occurs when an inbound transport-data payload is linearized into a fixed po...
CVE-2026-9267
Eclipse tinydtls before commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 contains an out-of-bounds read vulnerability in the checkservercertificate function that allows unauthenticated attackers to trigger reads beyond valid buffer boundaries by crafting a Certificate handshake message with a...
Bluetooth: RFCOMM: validate skb length in MCC handlers
...
SUSE CVE-2026-53186
In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: bound SRPRSP sense copy by the received length srpprocessrsp copies sense data from rsp-data + respdatalen, where respdatalen is the full 32-bit value supplied by the SRP target and is never checked against the number o...
The vulnerability of the mm/mempool module in Linux operating systems allows a hacker to cause a service failure or memory corruption.
The vulnerability of the mm/mempool module in Linux operating systems is related to access to a buffer with an incorrect length value. Exploiting this vulnerability can allow an attacker to cause service failures or memory corruption...
CVE-2026-53254
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: validate skb length in MCC handlers The RFCOMM MCC handlers cast skb-data to protocol-specific structs without validating skb-len first. A malicious remote device can send truncated MCC frames and trigger...
CVE-2026-53179 staging: rtl8723bs: fix buffer over-read in rtw_update_protection
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix buffer over-read in rtwupdateprotection rtwupdateprotection is called with a pointer offset into the ies buffer but the full ielength is passed, causing a potential buffer over-read...
CVE-2026-52982
In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix use-after-free in rtl8150startxmit syzbot reported a KASAN slab-use-after-free read in rtl8150startxmit when accessing skb-len for tx statistics after usbsubmiturb has been called: BUG: KASAN:...
CVE-2026-52982 net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit()
In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix use-after-free in rtl8150startxmit syzbot reported a KASAN slab-use-after-free read in rtl8150startxmit when accessing skb-len for tx statistics after usbsubmiturb has been called: BUG: KASAN:...
CVE-2026-54257
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow. Most apps will crash and some may perform incorrect buffer allocations in t...
CVE-2026-10658
CVE-2026-10658 affects Zephyr’s Bluetooth Host ISO RX path, specifically bt_iso_recv() in subsys/bluetooth/host/iso.c. The vulnerability arises from missing minimum length checks for SDU headers when processing PB=START/SINGLE, allowing a malformed HCI ISO payload to bypass the inner header lengt...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the htundoimpl function. An attacker can cause a crash and potentially leak adjacent heap memory by supplying a crafted EXR file with mismatched channel width and buffer length. Remediation Upgrade openexr...
NPM: Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow
NPM: Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow vulnerability discovered by ? in WordPress Npm electron versions = 42.3.1, 42.3.3...
GHSA-Q6M5-F73J-M9MC Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow
Impact Most apps will crash and some may perform incorrect buffer allocations in the Node.js Buffer API resulting in unexpected truncation or allocation. Workarounds No workarounds. Do not use these impacted Electron releases Fixed Versions 42.3.3 For more information If you have any questions or...
CVE-2026-1950
Delta Electronics AS320T has No checking of the length of the buffer with the file name vulnerability...
CVE-2026-1951
Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability...
CVE-2026-5071
The SocketCAN implementation validates the length of a user-provided buffer containing a socketcanframe object using only a NETASSERT statement in zcansendtoctx before dereferencing it in socketcantocanframe. In production builds where assertions are disabled, a userspace application that control...
PT-2026-45078
The SocketCAN implementation validates the length of a user-provided buffer containing a socketcan frame object using only a NET ASSERT statement in zcan sendto ctx before dereferencing it in socketcan to can frame. In production builds where assertions are disabled, a userspace application that...
OESA-2026-2492 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indxread is called when we have some NTFS directory operations that need more information from the index...
SUSE CVE-2026-46140
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes and struct btmtkhciwmtevtfuncc 9 bytes without first checking that the...