15 matches found
CVE-2026-23395
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix accepting multiple L2CAPECREDCONNREQ Currently the code attempts to accept requests regardless of the command identifier which may cause multiple requests to be marked as pending FLAGDEFERSETUP which can cau...
CVE-2026-23395
CVE-2026-23395 affects the Linux kernel Bluetooth L2CAP handling of ECRED connection requests. The issue stems from accepting multiple L2CAP_ECRED_CONN_REQs regardless of the command identifier, which can cause multiple requests to be marked pending (FLAG_DEFER_SETUP) and may lead to allocating m...
CVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix accepting multiple L2CAPECREDCONNREQ Currently the code attempts to accept requests regardless of the command identifier which may cause multiple requests to be marked as pending FLAGDEFERSETUP which can cau...
CVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix accepting multiple L2CAPECREDCONNREQ Currently the code attempts to accept requests regardless of the command identifier which may cause multiple requests to be marked as pending FLAGDEFERSETUP which can cau...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the UseRecoveryCode function, which fails to check the supplied userID before validating the second factor. A user in possession of the username and password of another user ca...
EUVD-2025-26110
Malicious code in bioql PyPI...
CVE-2025-10457
Zephyr Project’s CVE-2025-10457 affects the BLE stack, specifically the le_conn_rsp handling. The vulnerable component processes BLE connection responses without confirming that a connection attempt initiated by the device actually occurred, relying solely on identifier matching. This can enable ...
CVE-2025-10457 Bluetooth: Out-Of-Context le_conn_rsp Handling
The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching...
Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059179 fixes several issues. The following security issues were fixed: CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in applyconstrainttosize bsc1233294. CVE-2024-56650: netfilter: xtables: fix LED ID check in ledtgcheck bsc1235431. Patch...
SUSE-SU-2025:1463-1 Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059174 fixes several issues. The following security issues were fixed: - CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in applyconstrainttosize bsc1233294. - CVE-2024-56650: netfilter: xtables: fix LED ID check in ledtgcheck bsc1235431...
SUSE CVE-2024-46814
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check msgid before processing transcation WHY & HOW HDCPMESSAGEIDINVALID -1 is not a valid msgid nor is it a valid array index, and it needs checking before used. This fixes 4 OVERRUN issues reported by Coverity...
UBUNTU-CVE-2024-46825
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: use IWLFWCHECK for link ID check The lookup function iwlmvmrcufwlinkidtolinkconf is normally called with input from the firmware, so it should use IWLFWCHECK instead of WARNON...
PT-2023-25413 · WordPress · Simple Author Box
Name of the Vulnerable Software and Affected Versions: The Simple Author Box WordPress plugin versions prior to 2.52 Description: The issue is related to the disclosure of arbitrary user information due to a lack of verification of the user ID before outputting information about that user. This c...
SUSE CVE-2007-3099
usr/mgmtipc.c in iscsid in open-iscsi iscsi-initiator-utils before 2.0-865 checks the client's UID on the listening AFLOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service iscsid exit or iSCSI connection loss...
Crashing Unreal 3.1.6 + NO_IDENT_CHECKING ENABLED [http://virulent.port5.com/dosyalar/unreal_en.txt]
------------------------------------------------- CRASHING UNREAL 3.1.6 + NOIDENTCHECKING ENABLED ------------------------------------------------- DESCRIPTION OF SOFTWARE ----------------------- UnrealIRCd is an IRC server based on the branch of IRCu called Dreamforge, formerly used by the DALne...