Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : libssh2 vulnerability (USN-8309-1)

The remote Ubuntu 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8309-1 advisory. It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker...

USN-8309-1: libssh2 vulnerability

It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker could possibly use this issue to cause a denial of service...

USN-8232-1 python-django vulnerabilities

It was discovered that Django did not vary cached response headers on cookies when sessions were not modified while SESSIONSAVEEVERYREQUEST was enabled. A remote attacker could possibly use this issue to steal a user's session. CVE-2026-35192 Kyle Agronick and Jacob Walls discovered that Django...

EUVD-2026-25582

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...

CVE-2026-31636

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgkverifyauthenticator copies authlen bytes into a temporary buffer and then passes p + authlen as the parser limit to rxgkdoverifyauthenticator. Since p is a be32 , that inflate...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013396)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013396 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix scsimodesense buffer length handling Several problems exist with scsimodesense...

PT-2026-34619

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVP PKEY derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and...

CVE-2025-65104

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or...

Firebird 安全漏洞

Firebird is a set of open-source, cross-platform relational database management systems provided by the Firebird Foundation, which include multiple ANSI SQL-92 functions. The Firebird FB3 version has a security vulnerability, which stems from an error in the placement of data length values when t...

EUVD-2020-31212

Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a...

EUVD-2026-15295

In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: handle short interrupt urb messages properly If an interrupt urb is received that is not the correct length, properly detect it and don't attempt to treat the data as valid...

pocketlang 缓冲区错误漏洞

Pocketlang is an embeddable scripting language developed by Thakee Nathees. Pocketlang has a buffer error vulnerability, which stems from the incorrect handling of the length parameter in the function pkByteBufferAddString, potentially leading to memory corruption...

CVE-2026-22904

Improper length handling when parsing multiple cookie fields including TRACKID allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote code execution...

PT-2026-7082

Name of the Vulnerable Software and Affected Versions lighttpd affected versions not specified WAGO 0852-1322 affected versions not specified Description An issue exists where improper length handling during the parsing of multiple cookie fields, including the TRACKID field, can allow an...

Improper Handling of Length Parameter Inconsistency

Overview Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency in the readGGUFV1String function, which is exposed over the /blobs and /create endpoints. An attacker can cause the service to become unavailable by submitting malicious GGUF metadata...

openSUSE 15 Security Update : python310 (SUSE-SU-2026:0130-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0130-1 advisory. - CVE-2025-12084: quadratic complexity when building nested elements using xml.dom.minidom methods that depend on clearidcache can lead to availabili...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001114)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001114 advisory. Incorrect buffer length handling in the ncpreadkernel function in fs/ncpfs/ncplibkernel.c in the Linux kernel through 4.15.11, and in...

Exploit for Improper Handling of Length Parameter Inconsistency in Mongodb

🛠️ mongobleed - Easy Download of MongoDB Exploit Tool 📥 Do...

SUSE-SU-2025:4538-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service bsc1254997 - CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response bsc1254400 - CVE-2025-13837: Fixed plistlib module deni...

CLSA-2025-1766598218 opensc: Fix of 4 CVEs

CVE-2024-45616: fix insufficient control of APDU buffer and its length - CVE-2024-45615: initialize uninitialized variables - CVE-2024-45617: fix insufficient or missing checking of return values - CVE-2024-45620: fix incorrect handling length of buffers or files in pkcs15init...