346 matches found
kernel: udmabuf: fix a buf size overflow issue during udmabuf creation
A buffer-overflow vulnerability was found in the Linux kernel's udmabuf driver. The flaw occurs in the udmabufcreate function, which calculates the page count limit pglimit using the variable sizelimitmb. This size variable can be misinterpreted as either 32-bit or 64-bit, resulting in incorrect...
CVE-2025-48862
Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted...
Linux Distros Unpatched Vulnerability : CVE-2022-49152
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xascreaterange when multi-order entry present If there is already an entry prese...
Linux Distros Unpatched Vulnerability : CVE-2023-23002
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel before 5.16.3, drivers/bluetooth/hciqca.c misinterprets the devmgpiodgetindexoptional return value expects it to be NULL in the error case,...
Misinterpretation of Input
Overview @finos/git-proxy is a Deploy custom push protections and policies on top of Git. Affected versions of this package are vulnerable to Misinterpretation of Input via the parsePush.ts file. An attacker can bypass approval mechanisms or hide commits by crafting a malicious Git packfile that...
DEBIAN-CVE-2025-38466
In the Linux kernel, the following vulnerability has been resolved: perf: Revert to requiring CAPSYSADMIN for uprobes Jann reports that uprobes can be used destructively when used in the middle of an instruction. The kernel only verifies there is a valid instruction at the requested offset, but d...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
kernel: um: Fix out-of-bounds read in LDT setup
A vulnerability was found in the Linux kernel's user mode um subsystem, specifically within the Local Descriptor Table LDT setup functionality. The issue arises from the syscallstubdata function misinterpreting the datacount parameter as a byte count rather than a count of longs, leading to an...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
Misinterpretation of Input
Overview Affected versions of this package are vulnerable to Misinterpretation of Input in the Optimizer component. A privileged attacker can cause the application to become unresponsive or crash by submitting specially crafted data. Remediation Upgrade libmysqlclient to version 8.1.0 or higher...
Misinterpretation of Input
Overview Affected versions of this package are vulnerable to Misinterpretation of Input in the InnoDB component. A privileged attacker can cause the application to become unresponsive or crash repeatedly by sending specially crafted requests. Remediation A fix was pushed into the master branch bu...
kernel: um: Fix out-of-bounds read in LDT setup
A vulnerability was found in the Linux kernel's user mode um subsystem, specifically within the Local Descriptor Table LDT setup functionality. The issue arises from the syscallstubdata function misinterpreting the datacount parameter as a byte count rather than a count of longs, leading to an...
kernel: um: Fix out-of-bounds read in LDT setup
A vulnerability was found in the Linux kernel's user mode um subsystem, specifically within the Local Descriptor Table LDT setup functionality. The issue arises from the syscallstubdata function misinterpreting the datacount parameter as a byte count rather than a count of longs, leading to an...
kernel: um: Fix out-of-bounds read in LDT setup
A vulnerability was found in the Linux kernel's user mode um subsystem, specifically within the Local Descriptor Table LDT setup functionality. The issue arises from the syscallstubdata function misinterpreting the datacount parameter as a byte count rather than a count of longs, leading to an...
kernel: um: Fix out-of-bounds read in LDT setup
A vulnerability was found in the Linux kernel's user mode um subsystem, specifically within the Local Descriptor Table LDT setup functionality. The issue arises from the syscallstubdata function misinterpreting the datacount parameter as a byte count rather than a count of longs, leading to an...
CVE-2025-5826
Autel MaxiCharger AC Wallbox Commercial bleprocessesp32msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
CVE-2025-5826
Autel MaxiCharger AC Wallbox Commercial bleprocessesp32msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not...
CVE-2025-5826
Autel MaxiCharger AC Wallbox Commercial bleprocessesp32msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not...