CVE-2026-9137

The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource...

MISP 资源管理错误漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions such as analyzing threats to network security and malware analysis. MISP has a resource management...

Linux Distros Unpatched Vulnerability : CVE-2026-31624

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID...

HID: core: clamp report_size in s32ton() to avoid undefined shift

...

SUSE CVE-2026-31624

In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...

CVE-2026-31624

A flaw was found in the Linux kernel's Human Interface Device HID core. A malicious or malformed HID device could provide a specially crafted report descriptor with an overly large reportsize value. This could lead to an undefined shift operation within the s32ton function when processing output...

CVE-2026-31624

In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...

DEBIAN-CVE-2026-31624

In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...

CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift

In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...

CVE-2026-31624

In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...

CVE-2026-31624

CVE-2026-31624) affects the Linux kernel HID core. The vulnerability arises when a HID device supplies a report descriptor with a large report_size, causing s32ton() to shift by n-1 with n > 32. The issue is resolved by clamping n to the same maximum used by snto32(), per commit ec61b41918587,...

CVE-2026-31624

In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...

EUVD-2026-25517

In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp reportsize in s32ton to avoid undefined shift s32ton shifts by n-1 where n is the field's reportsize, a value that comes directly from a HID device. The HID parser bounds reportsize only to 32 clamp to the functi...

PT-2026-34976

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the HID core where the s32ton function performs a shift operation by n-1, with n being the report size provided directly by a HID device. Because the HID parser only...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of restrictions on reportsize in the s32ton module. This vulnerability may lead to...

SUSE-SU-2025:20635-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_5

This update for kernel-livepatch-MICRO-6-0-RTUpdate5 fixes the following issues: - CVE-2025-38079: crypto: algifhash - fix double free in hashaccept bsc1245218 - CVE-2025-38083: netsched: prio: fix a race in priotune bsc1245350 - CVE-2025-38494: HID: core: do not bypass hidhwrawrequest bsc1247350...

Linux Distros Unpatched Vulnerability : CVE-2021-46906

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HID: usbhid: fix info leak in hidsubmitctrl In hidsubmitctrl, the way of calculating the report length doesn't take into account that report-size can be zero...

CVE-2021-46906 HID: usbhid: fix info leak in hid_submit_ctrl

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix info leak in hidsubmitctrl In hidsubmitctrl, the way of calculating the report length doesn't take into account that report-size can be zero. When running the syzkaller reproducer, a report of size 0 causes...

Pillow 输入验证错误漏洞

Python Imaging Library PIL is a free library for the Python programming language that supports opening, manipulating, and saving a wide range of image file formats.Pillow is a PIL branch. A denial of service vulnerability exists in Pillow versions prior to 8.1.1. The vulnerability stems from not...

Crash Reporter Utility for Citrix Virtual Apps and Desktops

About This Release This is an early technical preview release v1.0.0.2 of the Crash Reporter utility. This release has not been tested extensively and is not supported. Please send any feedback using the link in Contact Information section. Where to download ? Certain legacy Citrix tools are now...