Lucene search

16 matches found

NVD
added 2026/05/08 2:16 p.m., 5 views

CVE-2026-43304

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPHMAXKEYLEN When decoding the key, verify that the key material would fit into a fixed-size buffer in processauthdone and generally has a sane length. The new CEPHMAXKEYLEN check replaces the existin...

CVSS 9.8, EPSS 0.00072
Exploits 0, References 7

CNNVD
added 2026/05/04 12:0 a.m., 5 views

Assimp security vulnerability

Assimp is an open-source library developed by Assimp. It is used for importing and exporting various 3D model formats. Versions of Assimp 6.0.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the FBX importer’s aiMaterial::AddBinaryProperty function, which copie...

CVSS 9.8, AI score 6, EPSS 0.00053
Exploits 0, References 1

RedHat Linux
added 2026/02/09 2:40 a.m., 1 views

kernel: Linux kernel (openvswitch): Denial of Service and limited data exposure via improper key length validation

A flaw was found in the Linux kernel's openvswitch virtual environment. A local attacker with low privileges could exploit improper data and key length validation in the set action. This could lead to a denial of service, making the system unresponsive, and potentially result in limited informati...

CVSS 7.8, AI score 5.8, EPSS 0.00067
Exploits 0, References 5

RedHat Linux
added 2026/01/28 3:8 p.m., 2 views

kernel: Linux kernel (openvswitch): Denial of Service and limited data exposure via improper key length validation

A flaw was found in the Linux kernel's openvswitch virtual environment. A local attacker with low privileges could exploit improper data and key length validation in the set action. This could lead to a denial of service, making the system unresponsive, and potentially result in limited informati...

CVSS 7.8, AI score 5.8, EPSS 0.00067
Exploits 0, References 5

RedHat Linux
added 2026/01/28 9:6 a.m., 3 views

openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file

A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution...

CVSS 6.1, AI score 6.2, EPSS 0.00008
Exploits 1, References 4

RedHat Linux
added 2026/01/28 12:57 a.m., 1 views

kernel: Linux kernel (openvswitch): Denial of Service and limited data exposure via improper key length validation

A flaw was found in the Linux kernel's openvswitch virtual environment. A local attacker with low privileges could exploit improper data and key length validation in the set action. This could lead to a denial of service, making the system unresponsive, and potentially result in limited informati...

CVSS 7.8, AI score 5.8, EPSS 0.00067
Exploits 0, References 5

RedHat Linux
added 2026/01/28 12:38 a.m., 5 views

kernel: Linux kernel (openvswitch): Denial of Service and limited data exposure via improper key length validation

A flaw was found in the Linux kernel's openvswitch virtual environment. A local attacker with low privileges could exploit improper data and key length validation in the set action. This could lead to a denial of service, making the system unresponsive, and potentially result in limited informati...

CVSS 7.8, AI score 5.8, EPSS 0.00067
Exploits 0, References 5

RedHat Linux
added 2026/01/28 12:26 a.m., 2 views

kernel: Linux kernel (openvswitch): Denial of Service and limited data exposure via improper key length validation

A flaw was found in the Linux kernel's openvswitch virtual environment. A local attacker with low privileges could exploit improper data and key length validation in the set action. This could lead to a denial of service, making the system unresponsive, and potentially result in limited informati...

CVSS 7.8, AI score 5.8, EPSS 0.00067
Exploits 0, References 5

OSV
added 2025/12/16 4:23 p.m., 2 views

CLSA-2025-1765902200 opensc: Fix of CVE-2024-45619

CVE-2024-45619: fix insufficient certificate and key length validation...

CVSS 4.3, AI score 6.7, EPSS 0.00088
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-17617

Malware in sbrugna...

CVSS 9.3, AI score 7.7, EPSS 0.00086
Exploits 0, References 2

NVD
added 2025/05/01 2:15 p.m., 11 views

CVE-2025-37789

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action. It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first...

CVSS 7.8, EPSS 0.00067
Exploits 0, References 10

OSV
added 2025/05/01 1:7 p.m., 5 views

CVE-2025-37789 net: openvswitch: fix nested key length validation in the set() action

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action. It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first...

CVSS 7.8, AI score 6.1, EPSS 0.00067
Exploits 0, References 13

NVD
added 2021/02/22 7:15 a.m., 18 views

CVE-2020-11269

Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...

CVSS 8.8, EPSS 0.00074
Exploits 0, References 1

CVE
added 2021/02/22 6:25 a.m., 83 views

CVE-2020-11269

CVE-2020-11269 is a memory corruption issue described as occurring while processing EAPOL frames due to insufficient validation of key length in Qualcomm Snapdragon families (Auto, Compute, Connectivity, and related Snapdragon components). The initial entry lists a high severity (CVSS v3.1 base 8...

CVSS 8.8, AI score 8.8, EPSS 0.00074
Exploits 0, References 1, Affected Software 1

OSV
added 2019/06/07 8:29 p.m., 2 views

CVE-2019-3955

Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote heap overflow due to the server not properly validating RsaPubKeyLen during key negotiation. An unauthenticated remote attacker can cause a heap buffer overflow by specifying a large RsaPubKeyLen, which cou...

CVSS 7.5, AI score 7.4, EPSS 0.09983
Exploits 1, References 1

NVD
added 2018/06/06 9:29 p.m., 9 views

CVE-2018-5850

In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF Android for MSM, Firefox OS for MSM, QRD Android using the Linux Kernel...

CVSS 9.3, AI score 5.7, EPSS 0.00086
Exploits 0, References 2