51 matches found
udf: fix partition descriptor append bookkeeping
...
CVE-2026-45991
In the Linux kernel, the following vulnerability has been resolved: udf: fix partition descriptor append bookkeeping Mounting a crafted UDF image with repeated partition descriptors can trigger a heap out-of-bounds write in partdescsloc. handlepartitiondescriptor deduplicates entries by partition...
CVE-2026-45991
udf: fix partition descriptor append bookkeeping...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: bonding: check xdp prog when set bond mode CVE-2025-22105 kernel: block: fix resource leak in blkregisterqueue error path CVE-2025-37980 kernel: dmaengine: idxd: fix memory leak in error...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Do not include the stack pointer register in precision backtracking bookkeeping. Yi Lai reported an issue 1 where the following warning appears in kernel dmesg: 60.643604 verifier backtracking bug 60.643635 WARNING: CPU: ...
bpf: Do not include stack ptr register in precision backtracking bookkeeping
...
CVE-2025-38279
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue 1 where the following warning appears in kernel dmesg: 60.643604 verifier backtracking bug 60.643635 WARNING: CPU: 10 PID: 2315...
UBUNTU-CVE-2025-38279
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue 1 where the following warning appears in kernel dmesg: 60.643604 verifier backtracking bug 60.643635 WARNING: CPU: 10 PID: 2315...
CVE-2025-38279 bpf: Do not include stack ptr register in precision backtracking bookkeeping
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue 1 where the following warning appears in kernel dmesg: 60.643604 verifier backtracking bug 60.643635 WARNING: CPU: 10 PID: 2315...
CVE-2025-38279
CVE-2025-38279: Linux kernel bpf verifier backtracking bug in __mark_chain_precision (verifier) when handling precise registers; a test demonstrating a r10-related path and a patch that stops including stack ptr in precision backtracking was provided. Affected component: Linux kernel BPF verifier...
SAP Electronic Invoicing 安全漏洞
SAP Electronic Invoicing is an electronic invoice management solution from SAP, Germany. It is used for business electronic invoicing, bookkeeping, clearing and reconciliation. A security vulnerability exists in SAP Electronic Invoicing that originates from unauthorized access and could lead to...
CVE-2025-23622
CVE-2025-23622 corresponds to a Reflected XSS in the WordPress CBX Accounting & Bookkeeping plugin (versions n/a through 1.3.14). The issue stems from improper input neutralization during web page generation. Public sources (Red Hat and CVE feed) confirm the affected product/version and describe ...
WordPress CBX Accounting & Bookkeeping plugin <= 1.3.14 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh in WordPress Plugin CBX Accounting & Bookkeeping versions = 1.3.14...
A malicious contributor can increase voting power maliciously and eventually steal funds!
Lines of code Vulnerability details Impact Unlimited voting power for attacker and stealing of funds ! Proof of Concept All of the contribute functions uses msg.value to calculate the votingpower . For example , contribute function looks like this : function contribute uint256 tokenId, address...
Envoy 资源管理错误漏洞
Envoy is an open source distributed proxy server. A resource management error vulnerability exists in Envoy versions prior to 1.27.0, which stems from the possibility that Envoy's HTTP/2 codec may leak header maps and bookkeeping structures after receiving the frame RSTSTREAM from an upstream...
Admin may take non-fee baseTokens from Collateral.sol
Lines of code Vulnerability details Description In Collateral.sol, deposit and withdraw functions are subject to fees. They are either sent directly to the treasure in deposit / withdraw hooks, or are kept in the Collateral contract for safekeeping. Later, manager can use managerWithdraw function...
Consistently check account balance before and after transfers for Fee-On-Transfer discrepencies
Handle Dravee Vulnerability details Impact Wrong fateBalance bookkeeping for a user. Wrong fateCreated value emitted. Proof of Concept Taking into account the FOT is done almost everywhere important in the solution already. That's a known practice in the solution. However, it's missing here see...
LedgerSMB Cross-Site Scripting Vulnerability (CNVD-2021-101203)
LedgerSMB is a free web-based double-entry bookkeeping system with quoting, ordering, invoicing, projects, time cards, inventory management, shipping, etc. A cross-site scripting vulnerability exists in LedgerSMB, which stems from the application's failure to check the origin of HTML fragments...
LedgerSMB Cross-Site Scripting Vulnerability
LedgerSMB is a free web-based double-entry bookkeeping system with quoting, ordering, invoicing, projects, time cards, inventory management, shipping, etc. A cross-site scripting vulnerability exists in LedgerSMB, which stems from the application's failure to adequately encode HTML for error...