9991 matches found
CVE-2026-43043
The CVE describes a Linux kernel vulnerability in the AF_ALG crypto interface where chaining a new af_alg_tsgl structure can leave the end marker of the previous Scatter/Gather List uncleared when a sendmsg exactly fills MAX_SGL_ENTS. This causes sg_next() to return NULL, potentially leading to a...
PT-2026-36460
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The AF ALG interface fails to unmark the end of a Scatter/Gather List SGL when chaining a new af alg tsgl structure. If the sendmsg function fills an SGL exactly to MAX SGL ENTS, the las...
RUSTSEC-2026-0114 Panic when allocating a table exceeding the size of the host's address space
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-p8xm-42r7-89xg For more information see the GitHub-hosted security advisory...
Panic when allocating a table exceeding the size of the host's address space
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-p8xm-42r7-89xg For more information see the GitHub-hosted security advisory...
CVE-2026-7164 pf can overflow the stack parsing crafted SCTP packets
Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent...
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...
Important: rclone
Issue Overview: crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was...
FreeBSD : FreeBSD -- pf can overflow the stack parsing crafted SCTP packets (225ba563-4435-11f1-bb07-bc241121aa0a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 225ba563-4435-11f1-bb07-bc241121aa0a advisory. Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can...
Amazon Linux 2023 : rclone (ALAS2023-2026-1607)
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1607 advisory. crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the UpdatePathAttrs4ByteAs function when processing malformed BGP UPDATE messages containing both ASPATH and AS4PATH attributes. An attacker can cause the process to crash by sending a specially...
GoBGP has Remote Denial of Service (Panic) in UpdatePathAttrs4ByteAs via Malformed BGP UPDATE
Summary A remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during the processing of 4-byte AS attributes when the message structure causes an internal slice index shift that is not...
GHSA-7235-89M6-F4PX GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute
Summary A remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to interrupt the message handling flow. This results in an illegal memory...
GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute
Summary A remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to interrupt the message handling flow. This results in an illegal memory...
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...
FreeBSD Security Advisory - FreeBSD-SA-26:14.pf
FreeBSD Security Advisory - Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic...
Linux Distros Unpatched Vulnerability : CVE-2026-31573
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Fix kernel panic due to initconst misuse Fix a kernel panic when probing...
FreeBSD-SA-26:14.pf
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:14.pf Security Advisory The FreeBSD Project Topic: pf can overflow the stack parsing crafted SCTP packets Category: core Module: pf Announced: 2026-04-29...
AVX2 Implementation Did Not Fully Reduce Intermediate Values
The AVX2 implementation of ML-DSA did not fully reduce intermediate inputs to the inverse NTT, which leads to a testable difference in panic behaviour of internal functions compared to the portable implementation. Impact We are not aware of inputs to the public key generation, signing or...
RUSTSEC-2026-0126 AVX2 Implementation Did Not Fully Reduce Intermediate Values
The AVX2 implementation of ML-DSA did not fully reduce intermediate inputs to the inverse NTT, which leads to a testable difference in panic behaviour of internal functions compared to the portable implementation. Impact We are not aware of inputs to the public key generation, signing or...
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...