27 matches found
Astra Linux - vulnerability in golang-1.19
Large handshake records can cause panics in the crypto/TLS context. Both clients and servers may send large TLS handshake records, which can cause both servers and clients to panic when attempting to construct responses. This issue affects all TLS 1.3 clients, TLS 1.2 clients that explicitly enab...
PT-2026-37678
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
[SECURITY] Fedora 42 Update: openssh-9.9p1-14.fc42
SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...
[SECURITY] Fedora 43 Update: openssh-10.0p1-9.fc43
SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...
CVE-2026-0965
A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system t...
CVE-2025-14942 Authentication Bypass
wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...
PT-2026-1497
Name of the Vulnerable Software and Affected Versions: wolfSSH versions 1.4.21 and earlier. Description: The wolfSSH key exchange state machine can be manipulated, potentially leading to the exposure of the client’s password in plaintext. This manipulation could also allow an attacker to trick the...
USN-7774-1 linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-oracle, linux-raspi, linux-xilinx-zynqmp vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA...
EUVD-2018-14827
Malware in sbrugna...
[SECURITY] Fedora 40 Update: httpcomponents-core-4.4.16-8.fc40
HttpCore is a set of low level HTTP transport components that can be used to build custom client and server side HTTP services with a minimal footprint. HttpCore supports two I/O models: blocking I/O model based on the classic Java I/O and non-blocking, event driven I/O model based on Java NIO. T...
Moderate: Red Hat Security Advisory: nss security update
An update for nss is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Microsoft Windows Resilient File System (ReFS) Security Vulnerability
Microsoft Windows Resilient File System (ReFS) is a resilient file system from Microsoft Corporation (USA). A security vulnerability exists in Microsoft Windows Resilient File System (ReFS). An attacker could exploit the vulnerability to elevate privileges. The following products and versions are...
Microsoft Windows PGM Security Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in Microsoft Windows PGM. The following products and editions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Versi...
SUSE CVE-2020-14782
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...
GHSA-P72G-CGH9-GHJG Failing DTLS handshakes may cause throttling to block processing of records
Impact: Failing handshakes didn't clean up counters for throttling. In consequence the threshold may get reached and will not be released again. This results in permanently dropping records. The issue was reported for certificate based handshakes, but it can't be excluded, that this happens also fo...
Microsoft Windows Point-to-Point Tunneling Protocol Race Condition Vulnerability
Microsoft Windows Point-to-Point Tunneling Protocol (PPTP) is a network protocol from Microsoft that enables the secure transmission of data from remote clients to private corporate servers by creating a virtual private network (VPN) over a TCP/IP-based data network. A race condition iss...
Microsoft Windows SMBv3 Code Issue Vulnerability
Microsoft Windows SMB Client and Microsoft Windows SMB Server are both products of Microsoft Corporation. Microsoft Windows SMB Client is a software application, an SMB client. Microsoft Windows SMB Server is a network file sharing protocol. It allows applications on a computer to read and write...
SSH.COM SSH Tectia Client and Server Security Vulnerability
SSH.COM SSH Tectia Client and Server is an application from SSH.COM of Finland. It is used for secure file transfer and remote access. A security vulnerability exists in SSH Tectia Client and Server before 6.4.19 that allows escalation of local privileges under non-standard conditions...
OESA-2021-1082 spice security update
The SPICE package provides the SPICE server library and client. These components are used to provide access to a remote machine's display and devices. Security Fixes: Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before...
DEBIAN-CVE-2020-14781
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...