Lucene search

37 matches found

RedHat Linux
added last week · 6 views

kernel: RDMA/mana: Validate rx_hash_key_len

A flaw was found in the Linux kernel's RDMA/mana component. A local user could exploit this vulnerability by providing an invalid rx_hash_key_len value through a user-space API (uAPI) structure. This invalid value is then used in a memcpy operation without proper bounds checking, allowing the user to...

CVSS 7.8 · AI score 5.8 · EPSS 0.00142
Exploits: 0 · References: 5
RedHat Linux
added 2026/06/22 10:59 a.m. · 6 views

kernel: RDMA/mana: Validate rx_hash_key_len

A flaw was found in the Linux kernel's RDMA/mana component. A local user could exploit this vulnerability by providing an invalid rx_hash_key_len value through a user-space API (uAPI) structure. This invalid value is then used in a memcpy operation without proper bounds checking, allowing the user to...

CVSS 7.8 · AI score 5.8 · EPSS 0.00142
Exploits: 0 · References: 5
ATTACKERKB
added 2026/05/29 5:42 p.m. · 9 views

CVE-2026-44611

Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks...

CVSS 5.9 · AI score 5.8 · EPSS 0.00141
Exploits: 0 · References: 4
Positive Technologies
added 2026/05/29 12:00 a.m. · 11 views

PT-2026-44931

Name of the Vulnerable Software and Affected Versions: Danelec MacGregor Voyage Data Recorder (affected versions not specified). Description: Passwords are stored using a hashing method that restricts password length and is susceptible to brute force attacks, which is a trial-and-error method used to...

CVSS 5.9 · AI score 5.5 · EPSS 0.00141
Exploits: 0 · References: 6
Positive Technologies
added 2026/05/28 12:00 a.m. · 9 views

PT-2026-44268

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 7.0.11-1.1. Description: An issue exists in the RDMA/mana component where the rx_hash_key_len variable, which originates from a uAPI structure, is passed to the memcpy function without proper validation. This lack ...

CVSS 9.8 · AI score 5.9 · EPSS 0.00675
Exploits: 3 · References: 356
Snyk
added 2026/03/30 10:36 p.m. · 3 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the SM2 decryption process due to improper validation of the encoded C3 hash field length prior to comparison. An attacker can cause a heap buffer over-read, potentially leading to a crash or other undefined...

CVSS 8.8 · AI score 6 · EPSS 0.00278
Exploits: 0 · References: 2
OSV
added 2026/01/13 2:52 p.m. · 5 views

GHSA-67RJ-PJG6-PQ59 Jervis Has a SHA-256 Hex String Padding Bug

Vulnerability: https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L622-L626 padLeft(32, '0') should be padLeft(64, '0'). SHA-256 produces 32 bytes = 64 hex characters. Impact: Inconsistent hash lengths when leadi...

CVSS 8.7 · AI score 7 · EPSS 0.00147
Exploits: 0 · References: 6
Github Security Blog
added 2026/01/13 2:52 p.m. · 13 views

Jervis Has a SHA-256 Hex String Padding Bug

Vulnerability: https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L622-L626 padLeft(32, '0') should be padLeft(64, '0'). SHA-256 produces 32 bytes = 64 hex characters. Impact: Inconsistent hash lengths when leadi...

CVSS 8.7 · AI score 7.2 · EPSS 0.00147
Exploits: 0 · References: 6 · Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2011-1561

Malware in sbrugna...

CVSS 9.3 · AI score 6.3 · EPSS 0.03992
Exploits: 0 · References: 8
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2024-49626

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.6 · EPSS 0.0041
Exploits: 0 · References: 1
SUSE Linux
added 2025/04/29 11:24 a.m. · 4 views

Security update for kernel-livepatch-MICRO-6-0-RT_Update_2

This update for kernel-livepatch-MICRO-6-0-RT_Update_2 fixes the following issues: CVE-2024-53237: Fixed bluetooth: fix use-after-free in device_for_each_child() (bsc#1235008); CVE-2024-53082: Fixed virtio_net: Add hash_key_length check (bsc#1233677); CVE-2024-8805: Fixed BlueZ HID over GATT Profile Improper Acces...

CVSS 8.8 · AI score 8.1 · EPSS 0.02033
Exploits: 0 · References: 16
SUSE Linux
added 2025/04/29 11:24 a.m. · 2 views

Security update for kernel-livepatch-MICRO-6-0_Update_3

This update for kernel-livepatch-MICRO-6-0_Update_3 fixes the following issues: CVE-2024-53237: Fixed bluetooth: fix use-after-free in device_for_each_child() (bsc#1235008); CVE-2024-53082: Fixed virtio_net: Add hash_key_length check (bsc#1233677); CVE-2024-8805: Fixed BlueZ HID over GATT Profile Improper Access...

CVSS 8.8 · AI score 8.1 · EPSS 0.02033
Exploits: 0 · References: 16
SUSE Linux
added 2025/04/29 11:24 a.m. · 2 views

Security update for kernel-livepatch-MICRO-6-0_Update_2

This update for kernel-livepatch-MICRO-6-0_Update_2 fixes the following issues: CVE-2024-53237: Fixed bluetooth: fix use-after-free in device_for_each_child() (bsc#1235008); CVE-2024-53082: Fixed virtio_net: Add hash_key_length check (bsc#1233677); CVE-2024-8805: Fixed BlueZ HID over GATT Profile Improper Access...

CVSS 8.8 · AI score 8.1 · EPSS 0.02033
Exploits: 0 · References: 16
OSV
added 2025/04/29 11:24 a.m. · 6 views

SUSE-SU-2025:20212-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_3

This update for kernel-livepatch-MICRO-6-0-RT_Update_3 fixes the following issues: - CVE-2024-53237: Fixed bluetooth: fix use-after-free in device_for_each_child() (bsc#1235008) - CVE-2024-53082: Fixed virtio_net: Add hash_key_length check (bsc#1233677) - CVE-2024-8805: Fixed BlueZ HID over GATT Profile Improper...

CVSS 8.8 · AI score 6.9 · EPSS 0.02033
Exploits: 0 · References: 9
OSV
added 2025/04/29 11:20 a.m. · 1 view

SUSE-SU-2025:20213-1 Security update for kernel-livepatch-MICRO-6-0_Update_2

This update for kernel-livepatch-MICRO-6-0_Update_2 fixes the following issues: - CVE-2024-53237: Fixed bluetooth: fix use-after-free in device_for_each_child() (bsc#1235008) - CVE-2024-53082: Fixed virtio_net: Add hash_key_length check (bsc#1233677) - CVE-2024-8805: Fixed BlueZ HID over GATT Profile Improper...

CVSS 8.8 · AI score 6.9 · EPSS 0.02033
Exploits: 0 · References: 9
Vulnrichment
added 2025/01/07 4:18 p.m. · 5 views

CVE-2024-8361 DoS caused due to wrong hash length returned for SHA2/224 algorithm

In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, the device will restart after the watchdog expires. If watchdog is not...

CVSS 7.5 · AI score 6.9 · EPSS 0.0041
Exploits: 0 · References: 1
CVE
added 2025/01/07 4:18 p.m. · 46 views

CVE-2024-8361

In SiWx91x devices, CVE-2024-8361 describes a DoS caused by SHA2/224 producing a 256-bit hash instead of 224 bits, triggering a software assertion. The issue is documented across multiple sources (NVD, Red Hat, CVE listing). Affected component is the SHA2/224 implementation; root cause is incorre...

CVSS 7.5 · AI score 7.5 · EPSS 0.0041
Exploits: 0 · References: 1
Cvelist
added 2025/01/07 4:18 p.m. · 14 views

CVE-2024-8361 DoS caused due to wrong hash length returned for SHA2/224 algorithm

In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, the device will restart after the watchdog expires. If watchdog is not...

CVSS 7.5 · EPSS 0.0041
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/07 12:00 a.m. · 7 views

PT-2025-3698 · Siwx91X · Siwx91X

Name of the Vulnerable Software and Affected Versions: SiWx91x devices (affected versions not specified). Description: The issue is related to the SHA2/224 algorithm, which returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, causing a Denial of...

CVSS 7.5 · AI score 7 · EPSS 0.0041
Exploits: 0 · References: 4
CNNVD
added 2025/01/07 12:00 a.m. · 4 views

Silicon SiWx91x Security Vulnerability

The Silicon SiWx91x is a radio board from Silicon Technology Silicon. A security vulnerability exists in the Silicon SiWx91x that stems from an incorrect hash length triggering a software assertion, which could lead to a denial of service (DoS)...

CVSS 7.5 · AI score 6.5 · EPSS 0.0041
Exploits: 0 · References: 2