Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003400)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003400 advisory. drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted...

SUSE-SU-2025:02749-1 Security update for iperf

This update for iperf fixes the following issues: - update to 3.19.1: CVE-2025-54351: Fixed buffer overflow in net.c bsc1247522 CVE-2025-54350: Fixed Base64Decode assertion failure and application exit upon a malformed authentication attempt bsc1247520 CVE-2025-54349: Fixed off-by-one error and...

SUSE CVE-2025-54351

In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used for MSGTRUNC in recv...

CVE-2025-54351

In iperf before 3.19.1, net.c is vulnerable to a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv). Affected products are iperf 3.19 and older. The issue is addressed in iperf 3.19.1, with advisories and patches published by multiple vendors (e.g., openSUSE/SUSE SUSE-SU-2025:027...

CVE-2025-54351

In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used for MSGTRUNC in recv...

iperf 安全漏洞

iperf is an ESnet open source tool for actively measuring the maximum bandwidth achievable on an IP network. A security vulnerability exists in iperf versions prior to 3.19.1, which stems from a buffer overflow in net.c that could cause the program to crash...

CVE-2025-54351

In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used for MSGTRUNC in recv...

CVE-2023-1838

A use-after-free flaw was found in vhostnetsetbackend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem...

CVE-2023-1838

The CVE-2023-1838 entry centers on a use-after-free flaw in the Linux kernel’s vhost_net_set_backend (drivers/vhost/net.c, virtio network subcomponent) caused by a double fget. This can allow a local attacker to crash the system and potentially leak kernel information. Connected documents (Astra ...

CVE-2023-1838

A use-after-free flaw was found in vhostnetsetbackend in drivers/vhost/net.c in the virtio network subcomponent in the Linux kernel due to a double fget. This issue could allow a local attacker to crash the system, and could lead to a kernel information leak problem. Mitigation This flaw can be...

CVE-2020-10942

In the Linux kernel before 5.5.8, getrawsocket in drivers/vhost/net.c lacks validation of an skfamily field, which might allow attackers to trigger kernel stack corruption via crafted system calls...

CVE-2020-10942

In the Linux kernel before 5.5.8, getrawsocket in drivers/vhost/net.c lacks validation of an skfamily field, which might allow attackers to trigger kernel stack corruption via crafted system calls...

Denial Of Service (Dos)

qemu is vulnerable to denial of service. The qemudeliverpacketiov function in net/net.c accepts packet sizes greater than INTMAX. This allows an attacker to crash the application...

Code injection

qemudeliverpacketiov in net/net.c in Qemu accepts packet sizes greater than INTMAX, which allows attackers to cause a denial of service or possibly have unspecified other impact...

CVE-2018-17963

CVE-2018-17963 affects QEMU’s net/iov path. The vulnerability is introduced by qemu_deliver_packet_iov in net/net.c, which accepts packet sizes greater than INT_MAX, enabling a remote attacker to trigger a denial of service (and potentially other unspecified impact) by sending oversized packets. ...

CVE-2013-4150

The virtionetload function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of currqueues is greater than maxqueues, which triggers an out-of-bounds write...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3022)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3022 advisory. - aacraid: missing capable check in compat ioctl Dan Carpenter Orabug: 18721962 CVE-2013-6383 Tenable has extracted the preceding description block...

CVE-2014-0077

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service memory corruption and host OS crash or possibly gain privileges on the host OS via crafted packets,...

CVE-2003-0849

Cfengine CFServD ReceiveTransaction Function Remote Overflow (CVE-2003-0849): A stack-based buffer overrun in cfservd’s ReceiveTransaction, triggered by crafted transactions, affects cfengine 2.x before 2.0.8. An attacker with network access can send a manipulated packet to cfservd, potentially a...