CVE-2026-46122

In the Linux kernel, the following vulnerability has been resolved: wifi: b43: enforce bounds check on firmware key index in b43rx The firmware-controlled key index in b43rx can exceed the dev-key array size 58 entries. The existing B43WARNON is non-enforcing in production builds, allowing an...

EUVD-2026-28567

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rga: Fix possible ERRPTR dereference in rgabufinit rgagetframe can return ERRPTR-EINVAL when buffer type is unsupported or invalid. rgabufinit does not check the return value and unconditionally dereferences the...

CVE-2026-1773

IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates...

EUVD-2020-3493

Malware in sbrugna...

EUVD-2021-14231

Malware in sbrugna...

EUVD-2024-41756

Malicious code in bioql PyPI...

CVE-2024-45569

Memory corruption while parsing the ML IE due to invalid frame content...

CVE-2024-45569

Memory corruption while parsing the ML IE due to invalid frame content...

CVE-2024-45569 Improper Validation of Array Index in WLAN Host Communication

Memory corruption while parsing the ML IE due to invalid frame content...

GHSA-HMGW-9JRG-HF2M Directus crashes on invalid WebSocket message

Summary It seems that any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. This could probably be posted as an issue and I might even be able to put together a pull request for a fix if only I had some extra time..., but I decided...

PT-2023-29709 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.6.2 Description: Directus is a real-time API and App dashboard for managing SQL database content. In affected versions, any Directus installation that has websockets enabled can be crashed if the websocket server...

SUSE CVE-2008-1161

Buffer overflow in the Matroska demuxer demuxers/demuxmatroska.c in xine-lib before 1.1.10.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a Matroska file with invalid frame sizes...

SUSE CVE-2016-10069

coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service application crash via a mat file with an invalid number of frames...

SUSE CVE-2017-11406

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values...

PT-2023-13284 · Wlan · Wlan

Name of the Vulnerable Software and Affected Versions: WLAN affected versions not specified Description: The issue is related to memory corruption due to a stack-based buffer overflow in the WLAN component. This occurs when the system encounters an invalid WNM frame length. Recommendations: At th...

jetty: Resource exhaustion when receiving an invalid large TLS frame

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large greater than 17408 TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability...

jetty: Resource exhaustion when receiving an invalid large TLS frame

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large greater than 17408 TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability...

CVE-2021-27477

When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame,...

CVE-2021-27477

CVE-2021-27477 affects JTEKT TOYOPUC PLC family (PC10G-CPU, 2PORT-EFR, Plus CPU/EX/EX2, EFR/EFR2, 2P-EFR, PC10P-DP/DP-IO, Nano series, PC10PE/16/16P, PC10E, FL/ET-T-V2H, PC10B/PC10B-P, Nano CPU, PC10P, PC10GE and Plus variants). Root cause: improper restriction of operations within the bounds of ...

CVE-2021-27477

When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame,...