14 matches found
CVE-2025-39946
In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the data sooner, to prevent...
CVE-2025-39946
CVE-2025-39946 affects the Linux kernel TLS/record parsing path. When a record header is bogus and data arrives in small chunks, tls_rx_msg_size() may not abort early enough, risking skb space overflow due to repeated partial parsing. The fixed behavior aborts the TLS stream as soon as an invalid...
EUVD-2025-30907
Malicious code in bioql PyPI...
PT-2025-40642
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's TLS implementation where the system may not properly abort a connection stream when invalid record headers are detected. Specifically, if the socket h...
golang: archive/zip: Incorrect handling of certain ZIP files
A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next...
K14204: BIND vulnerability CVE-2011-4313
Security Advisory Description ISC reports that query.c in BIND may allow remote attackers to cause a denial-of-service assertion failure and named exit. The vulnerability uses unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver. Th...
SUSE CVE-2008-1950
Integer signedness error in the gnutlsciphertext2compressed function in lib/gnutlscipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service buffer over-read and crash via a certain integer value in the Random field in an encrypted Client Hello message withi...
Microsoft PowerPoint OfficeArt Atom Remote Code Execution (MS11-022) - Ver2 (CVE-2011-0976)
A remote code execution vulnerability has been identified in Microsoft PowerPoint. Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A remote attacker could exploit this issue via a malformed PowerPoint file. Successful exploitation of this vulnerability...
CVE-2011-4313
Description summary: CVE-2011-4313 affects ISC BIND 9.0.x–9.9.0b1 and can cause a remote denial of service (assertion failure and named exit) triggered by certain recursive DNS query handling and the caching of an invalid record. Root cause / impact: the issue is tied to the resolver’s processing...
Important: Red Hat Security Advisory: bind97 security update
Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
bind: Remote denial of service against recursive servers via logging negative cache entry
query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service assertion failure and named exit via unknown vectors related to recursive DNS...
CVE-2008-1950
Integer signedness error in the gnutlsciphertext2compressed function in lib/gnutlscipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service buffer over-read and crash via a certain integer value in the Random field in an encrypted Client Hello message withi...
CVE-2008-1950
Integer signedness error in the gnutlsciphertext2compressed function in lib/gnutlscipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service buffer over-read and crash via a certain integer value in the Random field in an encrypted Client Hello message withi...
GNUTLS-SA-2008-1-3 GnuTLS memory overread flaw
Integer signedness error in the gnutlsciphertext2compressed function in lib/gnutlscipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service buffer over-read and crash via a certain integer value in the Random field in an encrypted Client Hello message withi...