4482 matches found
Astra Linux - vulnerability in linux-6.12
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From the splat, a thread closed a vhci file descriptor while its device was being used by ioctl() on another thread...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix double-free on mc_dev The committed code attempted to simplify the process of deallocations, but this led to a double-free on the mc_dev variable. If the MC device is a DPRC, a new mc_bus is allocated, and the mc_dev...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: clk: imx: Fixed an out-of-bounds access in dispmix_csr_clk_dev_data When num_parents is 4, __clk_register() causes an out-of-bounds access when accessing the parent_names member. Use ARRAY_SIZE() instead of hardcoding the number here. BUG:...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: atm: clip: Fixed NULL pointer dereference in vcc_sendmsg() atmarpd_dev_ops does not implement the send method, which may cause crashes as described below. BUG: kernel NULL pointer dereference, address: 0000000000000000 P...
curl: curl built with GnuTLS backend defaults to weak crypto parameters
Summary: Curl configured with GnuTLS backend (--with-gnutls) defaults to using "NORMAL" as the base level of the library cryptographic security. From GnuTLS documentation: The message authenticity security level is of 64 bits or more, and the certificate verification profile is set to GNUTLS_PROFILE_LOW...
EUVD-2023-60040
Nagios XI versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
Malicious code in epic-webpack-hot-dev-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aad1ea558baf857da2084adf46bf56730bd6d03f39046fff99845429d9e06cd2 The package epic-webpack-hot-dev-client was found to contain malicious code...
EUVD-2025-37073
Malicious code in epic-webpack-hot-dev-client (npm)...
MAL-2025-49220 Malicious code in epic-webpack-hot-dev-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aad1ea558baf857da2084adf46bf56730bd6d03f39046fff99845429d9e06cd2 The package epic-webpack-hot-dev-client was found to contain malicious code...
SUSE CVE-2025-40074
In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dst_dev_rcu() Change icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF. Change ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(), ipv4_neigh_lookup() to use lockdep enabled dst_dev_rcu()...
CVE-2025-27093
CVE-2025-27093 affects Sliver’s custom WireGuard netstack. In affected releases (1.5.43 and earlier, and 1.6.0-dev) the netstack does not restrict traffic between WireGuard clients, enabling unrestricted inter-client communication and potentially allowing leaked/recovered keys to be used across o...
AZL-68894 CVE-2025-40074 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dst_dev_rcu() Change icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF. Change ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(), ipv4_neigh_lookup() to use lockdep enabled dst_dev_rcu()...
UBUNTU-CVE-2025-40074
In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dst_dev_rcu() Change icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF. Change ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(), ipv4_neigh_lookup() to use lockdep enabled dst_dev_rcu()...
CVE-2025-40074 ipv4: start using dst_dev_rcu()
In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dst_dev_rcu() Change icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF. Change ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(), ipv4_neigh_lookup() to use lockdep enabled dst_dev_rcu()...
CVE-2025-40075
In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: use dst_dev_net_rcu() Replace three dst_dev() with a lockdep enabled helper...
PT-2025-44202
Name of the Vulnerable Software and Affected Versions: Sliver versions 1.5.43 and earlier, and version 1.6.0-dev. Description: Sliver is a command and control framework that utilizes a custom WireGuard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper use of the dst_dev_rcu() function, which could lead to a use-after-free...
Linux Distros Unpatched Vulnerability : CVE-2025-40074
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv4: start using dst_dev_rcu() Change icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF. Change ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(), ipv4_neigh_lookup() to...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices NULL Pointer Dereference (CVE-2024-44989)
In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.24.0 Release.
Red Hat OpenShift Dev Spaces 3.24.0 has been released. Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.24 release is based on...