Lucene search
K

778 matches found

OSV
OSV
added 2024/11/05 6:15 p.m.7 views

AZL-52329 CVE-2024-50131 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no space for the NULL...

7.8CVSS7AI score0.00249EPSS
Exploits0References1
CVE
CVE
added 2024/11/05 5:10 p.m.146 views

CVE-2024-50131

CVE-2024-50131 affects the Linux kernel tracing subsystem, where length validation for events didn’t account for the NULL terminator. strlen() reports length excluding the trailing null, so if the string length equals the maximum buffer, there is no room for the NULL terminator, allowing potentia...

7.8CVSS7.4AI score0.00249EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2024/11/05 5:10 p.m.12 views

CVE-2024-50131 tracing: Consider the NULL character when validating the event length

In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no space for the NULL...

7.8CVSS6.3AI score0.00249EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2024/10/31 3:48 a.m.4 views

SUSE CVE-2024-49938

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9khtc: Use skbsetlength for resetting urb before resubmit Syzbot points out that skbtrim has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. The intent here is clearly ju...

5.5CVSS6.5AI score0.00257EPSS
Exploits0References21
OSV
OSV
added 2024/10/12 11:9 a.m.5 views

OESA-2024-2245 opensc security update

OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the standard APIs to sma...

4.3CVSS7.6AI score0.00355EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/10/09 12:0 a.m.16 views

CVE-2024-45746

An issue was discovered in Trusted Firmware-M through 2.1.0. User provided and controlled mailbox messages contain a pointer to a list of input arguments invec and output arguments outvec. These list pointers are never validated. Each argument list contains a buffer pointer and a buffer length...

8AI score0.00788EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/04 6:14 a.m.14 views

CVE-2024-6444 Bluetooth: ots: missing buffer length check

No proper validation of the length of user input in olcpindhandler in zephyr/subsys/bluetooth/services/ots/otsclient.c...

6.3CVSS6.9AI score0.00325EPSS
Exploits0References1
CVE
CVE
added 2024/10/04 6:14 a.m.59 views

CVE-2024-6444

CVE-2024-6444 affects Zephyr’s Bluetooth OTS client: olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c handles input length poorly, enabling potential buffer overflow. Existing connected sources confirm the exact vulnerable component and root cause (missing input length valida...

6.5CVSS6.3AI score0.00325EPSS
Exploits0References1Affected Software1
SUSE Linux
SUSE Linux
added 2024/10/03 12:3 p.m.1 views

Security update for opensc

This update for opensc fixes the following issues: CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. bsc1230076 CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. bsc1230075 CVE-2024-45618: Uninitialized values after incorrect or missing...

3.9CVSS7.9AI score0.00355EPSS
Exploits0References30
OSV
OSV
added 2024/10/01 9:31 p.m.15 views

GHSA-3H3X-2HWV-HR52 Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

7.6CVSS6.5AI score0.00297EPSS
Exploits0References18
RedhatCVE
RedhatCVE
added 2024/09/30 9:8 p.m.23 views

CVE-2024-9355

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

6.5CVSS6.3AI score0.00297EPSS
Exploits0References3
Veracode
Veracode
added 2024/09/16 9:10 a.m.10 views

Heap-based Buffer Overflow

libzephyr.so is vulnerable to a Heap-based Buffer Overflow. The vulnerability is due to inadequate validation of buffer lengths in BLE connection update operations, which could lead to a divide by zero condition...

7.6CVSS6.9AI score0.00437EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/09/13 8:15 p.m.4 views

CVE-2024-6135

BT:Classic: Multiple missing buf length checks...

6.5CVSS5.4AI score0.00456EPSS
Exploits1References1
CVE
CVE
added 2024/09/13 7:51 p.m.63 views

CVE-2024-6135

CVE-2024-6135 relates to Zephyr RTOS (BT Classic) where the protocol handling lacks several buffer length checks, enabling a heap-based buffer overflow. Connected sources describe inadequate validation of buffer lengths in BLE/connection update flows and multiple missing length checks in the BT C...

7.6CVSS7AI score0.00437EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/13 7:51 p.m.16 views

CVE-2024-6135 BT:Classic: Multiple missing buf length checks

BT:Classic: Multiple missing buf length checks...

7.6CVSS7AI score0.00437EPSS
Exploits1References1
OSV
OSV
added 2024/09/13 7:15 p.m.5 views

CVE-2024-6258

BT: Missing length checks of netbuf in rfcommhandledata...

6.5CVSS5.5AI score0.00433EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/09/13 12:0 a.m.4 views

PT-2024-37410 · Unknown · Bt Classic

Name of the Vulnerable Software and Affected Versions: BT:Classic affected versions not specified Description: The issue concerns multiple missing buffer length checks. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-worl...

7.6CVSS7.3AI score0.00437EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/09/13 12:0 a.m.3 views

Zephyr 安全漏洞

Zephyr is an extensible real-time operating system RTOS open-sourced by Zephyr. A security vulnerability exists in Zephyr version 3.6 and prior versions, which stems from a lack of checking the length of netbuf when processing data for the RFCOMM protocol, which could lead to a heap-based buffer...

6.8CVSS6.9AI score0.00433EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2024/09/03 10:15 p.m.2 views

CVE-2024-45616

A vulnerability was found in OpenSC, OpenSC tools, PKCS11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response AP...

3.9CVSS6.8AI score0.00355EPSS
Exploits0References3
OSV
OSV
added 2024/09/03 10:15 p.m.2 views

DEBIAN-CVE-2024-45616

A vulnerability was found in OpenSC, OpenSC tools, PKCS11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response AP...

3.9CVSS6.4AI score0.00355EPSS
Exploits0References1
Rows per page
Query Builder