Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that flagsvalid was not initialized before calling vfsfileattrget, potentially leading t...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005575)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005575 advisory. In the Linux kernel, the following vulnerability has been resolved: iio: light: veml6030: fix IIO device retrieval from embedded device The dev pointer that is...

Cross site request forgery (csrf)

When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request...

Ping Identity PingFederate Security Vulnerability

Ping Identity PingFederate is a flagship software-based federation server in the United States. for identity management. Ping Identity PingFederate has a security vulnerability that stems from the ability to retrieve other users' attributes using maliciously crafted requests when AWS DynamoDB...

Exploit for Injection in Apache Archiva

CVE-2020-9495 PoC CVE-2020-9495 is medium severity LDAP injec...

curl: LDAP NULL pointer dereference

A NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldapgetattributeber function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply...

LDAP NULL pointer dereference

curl might dereference a near-NULL address when getting an LDAP URL. The function ldapgetattributeber is called to get attributes, but it turns out that it can return LDAPSUCCESS and still return a NULL pointer in the result pointer when getting a particularly crafted response. This was a surpris...