19 matches found
CVE-2026-46135
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmettcphandleicreq updates queue-state after sending an Initialization Connection Response ICResp, but it does so without serializing against target-side queue...
UBUNTU-CVE-2026-46135
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmettcphandleicreq updates queue-state after sending an Initialization Connection Response ICResp, but it does so without serializing against target-side queue...
EUVD-2026-32762
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmettcphandleicreq updates queue-state after sending an Initialization Connection Response ICResp, but it does so without serializing against target-side queue...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for connrspepid in htcconnectservice I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htchst.c:26:51 index 255 is out of range for type...
SUSE CVE-2025-39889
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Check encryption key size on incoming connection This is required for passing GAP/SEC/SEM/BI-04-C PTS test case: Security Mode 4 Level 4, Responder - Invalid Encryption Key Size - 128 bit This tests the security...
CVE-2025-10457
The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching...
Improper Handling of Length Parameter Inconsistency
Overview Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency via improper validation of the leconnrsp process. An attacker can cause information disclosure, data manipulation, or denial of service by sending specially crafted Bluetooth connectio...
CVE-2025-10457 Bluetooth: Out-Of-Context le_conn_rsp Handling
The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching...
CVE-2025-10457
Zephyr Project’s CVE-2025-10457 affects the BLE stack, specifically the le_conn_rsp handling. The vulnerable component processes BLE connection responses without confirming that a connection attempt initiated by the device actually occurred, relying solely on identifier matching. This can enable ...
CVE-2025-10457 Bluetooth: Out-Of-Context le_conn_rsp Handling
The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching...
CVE-2023-53185 wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for HTCCTRLRSVDSVC and should not be...
kernel: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for connrspepid in htcconnectservice I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htchst.c:26:51 index 255 is out of range for type...
wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
...
CVE-2024-53156 wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for connrspepid in htcconnectservice I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htchst.c:26:51 index 255 is out of range for type...
WiFi Mouse 1.8.3.2 - Remote Code Execution Exploit
Exploit Title: WiFi Mouse 1.8.3.2 - Remote Code Execution RCE Author: Payal Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.8.3.2 Tested on: Windows 10 Pro Build 21H2 Desktop Server software used by mobile app has PIN option which does not to prevent...
CVE-2022-46304
ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...
Command injection
ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...
PT-2023-14901 · Changingtec · Servisign
Name of the Vulnerable Software and Affected Versions: ChangingTec ServiSign affected versions not specified Description: The issue is related to insufficient filtering for special characters in the connection response parameter. This allows an unauthenticated remote attacker to host a malicious...
Cisco IOS XE SD-WAN DoS (cisco-sa-sdwan-dosmulti-48jJuEUP)
According to its self-reported version, Cisco IOS XE SD-WAN Software is affected by a denial of service DoS vulnerability in the UDP connection response due the presence of a null dereference in vDaemon. An unauthenticated, remote attacker can exploit this, by sending crafted traffic to an affect...