Linux Distros Unpatched Vulnerability : CVE-2026-46186

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe...

DEBIAN-CVE-2026-40253

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...

MiracleLinux 8 : libX11-1.6.8-5.el8 (AXSA:2021-2639:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2639:02 advisory. libX11: missing request length checks CVE-2021-31535 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

CVE-2025-27807

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes via malformed NAS...

CVE-2025-55081 Potential out of bound read in _nx_secure_tls_process_clienthello()

In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the nxsecuretlsprocessclienthello function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...

EUVD-2023-47535

Malicious code in bioql PyPI...

CVE-2021-22753

A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition...

QuickJS 安全漏洞

QuickJS is a small and embeddable Javascript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS 0.9.0 and earlier versions, which stems from a lack of length checking in JSReadString, and may result in a heap buffer overflow...

TRENDnet TEG-40128 安全漏洞

The TRENDnet TEG-40128 is a smart switch from Trendnet, Inc. A security vulnerability exists in the TRENDnet TEG-40128 v1 1.00.023 version, which stems from a lack of length validation and a buffer overflow vulnerability that could cause a remote target device to crash or execute arbitrary comman...

CVE-2024-6258

BT: Missing length checks of netbuf in rfcommhandledata...

CVE-2024-6258

BT: Missing length checks of netbuf in rfcommhandledata...

PT-2024-37489

Name of the Vulnerable Software and Affected Versions: Linux Kernel's RFCOMM Module affected versions not specified Description: The issue is related to a buffer overflow vulnerability due to missing length checks of net buf in the rfcomm handle data function. Recommendations: At the moment, ther...

c-ares: buffer overflow in config_sortlist() due to missing string length check

A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity...

Rocky Linux 8 : nss and nspr (RLSA-2020:3280)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:3280 advisory. - Improper refcounting of soft token session objects could cause a use-after-free and crash likely limited to a denial of service. This vulnerability...

CVE-2023-43114

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFontFromData, then it can cause the application to crash because of missing length check...

CVE-2023-43114

Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows are affected by CVE-2023-43114. When a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], the GDI font engine can cause an application crash due to missing length checks. Supported fixes p...

CVE-2023-43114

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFontFromData, then it can cause the application to crash because of missing length check...

c-ares: buffer overflow in config_sortlist() due to missing string length check

A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity...

SUSE CVE-2019-17006

In Network Security Services NSS before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow...

CVE-2022-20689

Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing...