80 matches found
CVE-2024-8361
In SiWx91x devices, CVE-2024-8361 describes a DoS caused by SHA2/224 producing a 256-bit hash instead of 224 bits, triggering a software assertion. The issue is documented across multiple sources (NVD, Red Hat, CVE listing). Affected component is the SHA2/224 implementation; root cause is incorre...
PT-2025-3698 · Siwx91X · Siwx91X
Name of the Vulnerable Software and Affected Versions: SiWx91x devices affected versions not specified Description: The issue is related to the SHA2/224 algorithm, which returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, causing a Denial of...
kernel: ext4: fix double-free of blocks due to wrong extents moved_len
A vulnerability was found in the Linux kernel. This issue occurs in the ext4 function, in ext4moveextents, where an error in updating the movedlen variable can lead to double-free of blocks and corrupt block accounting. This could lead to crashes or undefined behavior...
SUSE CVE-2024-40992
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently droppe...
StringBuilder for Node.js Security Vulnerability
StringBuilder for Node.js is a simple and fast in-memory string generator for Node.js by Magic Len Personal Developer. A security vulnerability exists in StringBuilder for Node.js, which stems from an incorrect calculation of the memory length and is susceptible to out-of-bounds reads, which can...
Tor Arti 安全漏洞
Tor Arti is a project of the Tor team to generate embeddable, production-quality implementations of the Tor anonymization protocol in the Rust programming language. A security vulnerability exists in Tor Arti versions prior to 1.2.3, which stems from a message length error...
Tor Arti 安全漏洞
Tor Arti is a project of the Tor team to generate embeddable, production-quality implementations of the Tor anonymization protocol in the Rust programming language. A security vulnerability exists in Tor Arti versions prior to 1.2.3, which stems from a message length error...
CVE-2024-26824 crypto: algif_hash - Remove bogus SGL free on zero-length error path
In the Linux kernel, the following vulnerability has been resolved: crypto: algifhash - Remove bogus SGL free on zero-length error path When a zero-length message is hashed by algifhash, and an error is triggered, it tries to free an SG list that was never allocated in the first place. Fix this b...
CVE-2023-52580 net/core: Fix ETH_P_1588 flow dissector
In the Linux kernel, the following vulnerability has been resolved: net/core: Fix ETHP1588 flow dissector When a PTP ethernet raw frame with a size of more than 256 bytes followed by a 0xff pattern is sent to skbflowdissect, nhoff value calculation is wrong. For example: hdr-messagelength takes t...
SUSE CVE-2023-47360
Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length...
CVE-2023-47360
Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length...
SUSE CVE-2012-3405
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string protection mechanism and cause a denial of service segmentati...
SUSE CVE-2018-13785
In libpng 1.6.34, a wrong calculation of rowfactor in the pngcheckchunklength function pngrutil.c may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service...
drachtio-server 安全漏洞
drachtio-server is a drachtio open source SIP server built on the sofia SIP stack. A security vulnerability exists in drachtio-server prior to version 0.8.20, which stems from a vulnerability that allows remote attackers to cause a denial of service via a long message in a TCP request that result...
SUSE-SU-2022:4084-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: - Update to LTS versino 16.18.1. - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address bsc1205119. - Update to LTS version 16.18.0: http: throw error on content-length mismatch stream: add ReadableByteStream.tee deps:...
SUSE-SU-2022:4003-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: - Update to LTS versino 16.18.1: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address bsc1205119. - Update to LTS version 16.18.0: http: throw error on content-length mismatch stream: add ReadableByteStream.tee deps:...
Softing Secure Integration Server 数字错误漏洞
Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing, and security supervision. A numeric error vulnerability exists in Softing Secure...
Qualcomm 缓冲区错误漏洞
A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and are from time to time fabricated on the surface of semiconductor wafers. A security vulnerability exists in several Qualcomm products that...
Qualcomm 芯片 缓冲区错误漏洞
A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc., and is manufactured from time to time on the surface of semiconductor wafers. A security vulnerability exists in a number of Qualcomm products...
Red Hat Ceph Storage 授权问题漏洞
Red Hat Ceph Storage is a suite of scalable, open software-defined storage platforms from Red Hat USA. An authorization issue vulnerability exists in Red Hat Ceph Storage, where an attacker can exploit the fact that the key length is incorrectly passed in the encryption algorithm to create a...