13 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-43304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: define and enforce CEPHMAXKEYLEN When decoding the key, verify that the key material would fit into a fixed-size buffer in processauthdone and generall...
SUSE CVE-2023-53575
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential array out of bounds access Account for IWLSECWEPKEYOFFSET when needed while verifying keylen size in iwlmvmseckeyadd...
CVE-2020-11241
Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrago...
CVE-2025-37782
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-53082
In the Linux kernel, the following vulnerability has been resolved: virtionet: Add hashkeylength check Add hashkeylength check in virtnetprobe to avoid possible out of bound errors when setting/reading the hash key...
SUSE-SU-2022:2919-1 Security update for gnutls
This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification bsc1202020. Non-security fixes: - FIPS: Check minimum keylength for symmetric key generation bsc1190698 - FIPS: Only allows ECDSA signature with valid set of hashes SHA2 and SHA...
PT-2022-24426 · Rhonabwy · Rhonabwy
Name of the Vulnerable Software and Affected Versions: Rhonabwy versions 0.9.99 through 1.1.x before 1.1.7 Description: The issue allows attackers to cause a Denial of Service via a crafted JWE JSON Web Encryption token, as the software does not check the RSA private key length before RSA-OAEP...
Memory corruption
Improper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables...
DEBIAN-CVE-2021-30472
A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value...
UBUNTU-CVE-2021-30472
A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value...
PT-2021-18746 · Podofo +2 · Podofo +2
Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.9.7 Description: A flaw was found in the PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp, which allows for a stack-based buffer overflow due to an improper check of the keyLength value. Recommendations: For PoDo...
Code injection
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length...
NSS: insecure Diffie-Hellman key exchange
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral DHE mode, which makes it easier for remote attackers to defeat...