CVE-2026-10650

A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...

CVE-2026-10650

warmcat libwebsockets (up to 4.5.8) contains a flaw in the SSH Protocol Handler: lws_ssh_parse_plaintext (plugins/protocol_lws_ssh_base/sshd.c) can be triggered by manipulating msg_len, leading to resource consumption. The issue can be exploited remotely; a proof-of-concept exploit has been publi...

CVE-2023-54066

CVE-2023-54066 (Linux kernel) affects the media: dvb-usb-v2 driver for the gl861 device. In gl861_i2c_master_xfer, the user-controlled msg can have buf == NULL while len == 0, allowing prior checks on msg[i].buf to pass and potentially reach gl861_i2c_master_xfer with a NULL dereference. The vend...

kernel: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()

In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-deref in az6007i2cxfer In az6007i2cxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally reach az6007i2cxfer. If...

DEBIAN-CVE-2018-18849

In Qemu 3.0.0, lsidomsgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msglen value...