Lucene search
+L

273 matches found

Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.10 views

PT-2026-27741

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the nvmet-fcloop component. Specifically, a missing check for the remoteport port state before invoking the done callback in nvme fc handle ls rqs...

5.9AI score0.00117EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.5 views

PT-2026-28333

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the rust binder component related to handling binder death notifications. Specifically, the set notification done function may be called without...

5.9AI score0.0009EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.6 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a data contention when accessing cqprequest-requestdone, which could lead to data inconsistencies...

5.9AI score0.00168EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2025/12/25 9:3 a.m.5 views

iomap: allocate s_dio_done_wq for async reads as well

...

5.5CVSS5.8AI score0.00209EPSS
Exploits0
CVE
CVE
added 2025/12/24 1:7 p.m.19 views

CVE-2023-54159

No public technical details about CVE-2023-54159 are provided in the connected documents. The materials mention the Linux kernel mtu3 issue but do not specify affected versions, exploit info, or fixes. Monitor for updates from vendors/security advisories.

6AI score0.00173EPSS
Exploits0References7
NVD
NVD
added 2025/12/09 4:17 p.m.6 views

CVE-2023-53822

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Ignore frags from uninitialized peer in dp. When max virtual ap interfaces are configured in all the bands with ACS and hostapd restart is done every 60s, a crash is observed at random times. In this certain scenari...

0.00206EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/11/19 3:51 p.m.10 views

github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame

A denial of service flaw has been discovered in the quic-go golang library. A misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during...

7.5CVSS5.9AI score0.00438EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/11/18 5:47 p.m.2 views

github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame

A denial of service flaw has been discovered in the quic-go golang library. A misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during...

7.5CVSS5.9AI score0.00438EPSS
Exploits0References7
Veracode
Veracode
added 2025/11/18 2:42 p.m.6 views

Denial-of-Service (DoS)

quic-go is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to improper handling of premature HANDSHAKEDONE frames during the QUIC handshake, where an assertion failure can be triggered by a misbehaving or malicious server, allowing attackers to crash the client process without...

7.5CVSS6.5AI score0.00438EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2025/11/09 12:23 a.m.6 views

SUSE CVE-2025-59530

quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authenticatio...

7.5CVSS7AI score0.00438EPSS
Exploits0References2
NVD
NVD
added 2025/11/04 5:16 p.m.5 views

CVE-2025-54330

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is an Out-of-bounds Read of q-bufs in the isdoneforme function...

5.3CVSS0.00238EPSS
Exploits0References2
CVE
CVE
added 2025/11/04 12:0 a.m.14 views

CVE-2025-54330

CVE-2025-54330 affects Samsung Mobile Processor Exynos 1380 (NPU) with an out-of-bounds read in the __is_done_for_me function, through July 2025. Vulnerable component: NPU inside the Exynos 1380 SoC. Impact as per CVSS: Medium (5.3), networked, requires no user interaction, no privileges. No fixe...

5.3CVSS6.6AI score0.00238EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.6 views

SAMSUNG Mobile Processor Exynos 安全漏洞

SAMSUNG Mobile Processor Exynos is a system-on-chip SoC from South Korea's Samsung SAMSUNG dedicated to smartphones and tablets. A security vulnerability exists in SAMSUNG Mobile Processor Exynos July 2025 and earlier, which stems from an out-of-bounds read of q-bufs in the isdoneforme function...

5.3CVSS6.7AI score0.00238EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2025/10/25 9:1 p.m.9 views

quic-go has Client Crash Due to Premature HANDSHAKE_DONE Frame

...

7.5CVSS7AI score0.00438EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/10/15 5:58 p.m.5 views

CVE-2025-59530

quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authenticatio...

7.5CVSS6.5AI score0.00438EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/10 5:3 p.m.6 views

EUVD-2025-33746

quic-go: Panic occurs when queuing undecryptable packets after handshake completion...

7.5CVSS6.4AI score0.00438EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/10/10 5:3 p.m.8 views

quic-go: Panic occurs when queuing undecryptable packets after handshake completion

Summary A misbehaving or malicious server can trigger an assertion in a quic-go client and crash the process by sending a premature HANDSHAKEDONE frame during the handshake. Impact A misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an...

7.5CVSS6.8AI score0.00438EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2025/10/10 5:3 p.m.4 views

GHSA-47M2-4CR7-MHCW quic-go: Panic occurs when queuing undecryptable packets after handshake completion

Summary A misbehaving or malicious server can trigger an assertion in a quic-go client and crash the process by sending a premature HANDSHAKEDONE frame during the handshake. Impact A misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an...

7.5CVSS6.8AI score0.00438EPSS
Exploits0References8
Snyk
Snyk
added 2025/10/10 4:42 p.m.2 views

Reachable Assertion

Overview Affected versions of this package are vulnerable to Reachable Assertion in the handshake phase. An attacker can cause the client to crash by sending a premature HANDSHAKEDONE frame. Remediation Upgrade github.com/quic-go/quic-go to version 0.49.1, 0.54.1 or higher. References - GitHub PR...

8.7CVSS6.5AI score0.00438EPSS
Exploits0References2
NVD
NVD
added 2025/10/10 4:15 p.m.10 views

CVE-2025-59530

quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authenticatio...

7.5CVSS0.00438EPSS
Exploits0References3
Rows per page
Query Builder