| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS).
If a watchdog is implemented, device will restart after watch dog expires. If watchdog is not implemented, device can be recovered only after a hard reset |
| On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against Electromagnetic Fault Injection (EM-FI) in Nordic Semiconductor nRF52810 allow attacker to perform EM Fault Injection and bypass APPROTECT at runtime, requiring the least amount of modification to the hardware system possible. |
| In OpenBSD 7.6 before errata 006 and OpenBSD 7.5 before errata 015, traffic sent over wg(4) could result in kernel crash. |
| A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file. |
| An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component. |
| In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. |
| DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions. |
| An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer. |
| A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges.
|
| A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. |
| A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution. |
| Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B. |
| quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected. |
| A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution |
|
Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled.
Note: The DB variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743 .
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| OpenVM is a performant and modular zkVM framework built for customization and extensibility. In version 1.0.0, OpenVM is vulnerable to overflow through byte decomposition of pc in AUIPC chip. A typo results in the highest limb of pc being range checked to 8-bits instead of 6-bits. This results in the if statement never being triggered because the enumeration gives i=0,1,2, when instead the enumeration should give i=1,2,3, leaving pc_limbs[3] range checked to 8-bits instead of 6-bits. This leads to a vulnerability where the pc_limbs decomposition differs from the true pc, which means a malicious prover can make the destination register take a different value than the AUIPC instruction dictates, by making the decomposition overflow the BabyBear field. This issue has been patched in version 1.1.0. |
| An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. |
| In the Linux kernel, the following vulnerability has been resolved:
l2tp: pass correct message length to ip6_append_data
l2tp_ip6_sendmsg needs to avoid accounting for the transport header
twice when splicing more data into an already partially-occupied skbuff.
To manage this, we check whether the skbuff contains data using
skb_queue_empty when deciding how much data to append using
ip6_append_data.
However, the code which performed the calculation was incorrect:
ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0;
...due to C operator precedence, this ends up setting ulen to
transhdrlen for messages with a non-zero length, which results in
corrupted packets on the wire.
Add parentheses to correct the calculation in line with the original
intent. |
| In the Linux kernel, the following vulnerability has been resolved:
PCI: mt7621: Add sentinel to quirks table
Current driver is missing a sentinel in the struct soc_device_attribute
array, which causes an oops when assessed by the
soc_device_match(mt7621_pcie_quirks_match) call.
This was only exposed once the CONFIG_SOC_MT7621 mt7621 soc_dev_attr
was fixed to register the SOC as a device, in:
commit 7c18b64bba3b ("mips: ralink: mt7621: do not use kzalloc too early")
Fix it by adding the required sentinel. |
