Lucene search
K

205 matches found

Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.7 views

PT-2026-3850

Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2025.10.0 Description EVerest is an EV charging software stack. An integer overflow in the SdpPacket::parse header function can occur when processing data. Specifically, the current buffer length can be set to 7 after...

8.3CVSS5.6AI score0.00251EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/01/19 12:8 p.m.9 views

kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...

5.5CVSS5.7AI score0.0012EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/19 4:0 a.m.6 views

kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...

5.5CVSS5.7AI score0.0012EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/19 3:14 a.m.4 views

kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...

5.5CVSS5.7AI score0.0012EPSS
Exploits0References5
Hacker One
Hacker One
added 2026/01/06 8:51 a.m.14 views

curl: MQTT: Missing upper bound on incoming Remaining Length allows server-controlled long wait

Curl's MQTT implementation accepts any valid Remaining Length advertised by the server without an explicit upper bound beyond the MQTT spec maximum of 268,435,455 bytes. A malicious server can send a PUBLISH packet claiming this maximum size but provide only minimal payload, causing curl to wait...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2026/01/01 9:51 p.m.16 views

curl: MQTT Protocol Violation & Integer Overflow in libcurl

Executive Summary Vulnerability Type: CWE-190 Component: lib/mqtt.c Function: mqttdecodelen Affected Architectures: - All architectures: Protocol non-compliance leading to stream desynchronization - 32-bit architectures: Deterministic integer overflow in length decoding libcurl does not correctly...

7.8AI score
Exploits0
Cvelist
Cvelist
added 2025/12/24 1:7 p.m.30 views

CVE-2023-54150 drm/amd: Fix an out of bounds error in BIOS parser

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix an out of bounds error in BIOS parser The array is hardcoded to 8 in atomfirmware.h, but firmware provides a bigger one sometimes. Deferencing the larger array causes an out of bounds error. commit 4fc1ba4aa589...

0.00168EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/16 3:30 p.m.3 views

EUVD-2025-203710

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not warn in ringbuffermapgetreader when reader catches up The function ringbuffermapgetreader is a bit more strict than the other get reader functions, and except for certain situations the rbgetreaderpage should...

5.9AI score0.00166EPSS
Exploits0References4
NVD
NVD
added 2025/12/16 2:15 p.m.4 views

CVE-2025-68186

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not warn in ringbuffermapgetreader when reader catches up The function ringbuffermapgetreader is a bit more strict than the other get reader functions, and except for certain situations the rbgetreaderpage should...

0.00166EPSS
Exploits0References3
OSV
OSV
added 2025/12/16 2:15 p.m.2 views

UBUNTU-CVE-2025-68186

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not warn in ringbuffermapgetreader when reader catches up The function ringbuffermapgetreader is a bit more strict than the other get reader functions, and except for certain situations the rbgetreaderpage should...

5.7AI score0.00166EPSS
Exploits0References11
EUVD
EUVD
added 2025/12/15 12:30 a.m.5 views

EUVD-2025-203316

openrsync through 0.5.0, as used in OpenBSD through 7.8 and on other platforms, allows a client to cause a server SIGSEGV by specifying a length of zero for block data, because the relationship between p-rem and p-len is not checked...

5.3CVSS6.3AI score0.00243EPSS
Exploits0References3
OSV
OSV
added 2025/12/09 1:16 a.m.4 views

DEBIAN-CVE-2023-53778

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Clean up integer overflow checking in mapuserpages The encodedma function has some validation on intrans-size but it would be more clear to move those checks to findandmapuserpages. The encodedma had two checks: if...

5.3AI score0.00155EPSS
Exploits0References1
OSV
OSV
added 2025/12/09 1:16 a.m.5 views

UBUNTU-CVE-2023-53778

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Clean up integer overflow checking in mapuserpages The encodedma function has some validation on intrans-size but it would be more clear to move those checks to findandmapuserpages. The encodedma had two checks: if...

5.7AI score0.00155EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/09 12:0 a.m.27 views

CVE-2023-53778 accel/qaic: Clean up integer overflow checking in map_user_pages()

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Clean up integer overflow checking in mapuserpages The encodedma function has some validation on intrans-size but it would be more clear to move those checks to findandmapuserpages. The encodedma had two checks: if...

0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-49638

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the accel/qaic component related to integer overflow checking within the map user pages function. The encode dma function previously had validation on...

6.8AI score0.00155EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 10:33 p.m.7 views

Malicious code in flatten-unflatten (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96678bbed20be5d500dc65bda769b41f7d3666a18c8a76262aca5ed79ef584fd The package flatten-unflatten was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2025/11/13 1:2 a.m.6 views

accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages()

...

7AI score0.00166EPSS
Exploits0
EUVD
EUVD
added 2025/11/12 12:30 p.m.8 views

EUVD-2025-124911

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Treat remaining == 0 as error in findandmapuserpages Currently, if findandmapuserpages takes a DMA xfer request from the user with a length field set to 0, or in a rare case, the host receives QAICTRANSDMAXFERCONT fro...

5.8AI score0.00166EPSS
Exploits0References5
OSV
OSV
added 2025/11/12 10:53 a.m.8 views

CVE-2025-40172 accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages()

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Treat remaining == 0 as error in findandmapuserpages Currently, if findandmapuserpages takes a DMA xfer request from the user with a length field set to 0, or in a rare case, the host receives QAICTRANSDMAXFERCONT fro...

6.1AI score0.00166EPSS
Exploits0References7
CVE
CVE
added 2025/11/12 10:23 a.m.20 views

CVE-2025-40126

CVE-2025-40126 affects the Linux kernel (sparc/UltraSPARC) where a faulty exception handling path in copy_from_user and copy_to_user could affect the return value in faulting scenarios. The referenced commit added exception handlers for user-space memory references and incorrectly calculated the ...

5.9AI score0.00192EPSS
Exploits0References8
Rows per page
Query Builder