Astra Linux - vulnerability in tomcat9
Incomplete cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from version 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80, and from 8.5.0 through 8.5.93, an error may cause Tomcat to skip certain parts of th...
Astra Linux - vulnerability in tomcat9
DoS attack due to a vulnerability related to incomplete cleanup in Apache Tomcat. WebSocket clients were able to keep WebSocket connections open, leading to increased resource consumption. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18,...
Linux kernel security vulnerability
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an array entry processing error in the reflink cleanup mechanism of ocfs2, potentially leading to...
Astra Linux - vulnerability in intel-microcode
Incomplete cleanup in specific special register read operations for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access...
Incomplete Cleanup
Overview: org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Incomplete Cleanup via multipart request...
DEBIAN-CVE-2026-5795
In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variables. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent reques...
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
AZL-79589 CVE-2025-69652 affecting package binutils 2.37-20
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing...
Incomplete Cleanup
Overview: Affected versions of this package are vulnerable to Incomplete Cleanup in the makeMiddleware function in make-middleware.js. An attacker can cause resource exhaustion by sending malformed requests. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system...
CVE-2026-3304
Multer (Node.js middleware for handling multipart/form-data) is affected by CVE-2026-3304: versions prior to 2.1.0 are vulnerable to a Denial of Service via malformed requests, potentially exhausting resources. The issue is addressed by upgrading to version 2.1.0; no public workarounds are docume...
Incomplete Cleanup
Overview: Affected versions of this package are vulnerable to Incomplete Cleanup due to the improper cleanup of the streams map. An attacker can cause unbounded memory consumption by repeatedly creating and closing a large number of streams, leading to resource exhaustion. Remediation: Upgrade...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003941)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003941 advisory. Incomplete cleanup from specific special register read operations in some Intel® Processors may allow an authenticated user to potentially enable information...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004262)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004262 advisory. Incomplete cleanup from specific special register read operations in some Intel® Processors may allow an authenticated user to potentially enable information...
CVE-2021-22450
A component of HarmonyOS has an Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustion...
MAL-2026-142 Malicious code in rt-qa-sampler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01d57d7fdf7de875c7da43a03defcfe1df8c66f3a72a0802585f903e5e4e4a19 The package rt-qa-sampler was found to contain malicious code. Source: ghsa-malware 7db994932160920a0a11f0ca0419898a6c0552e1f38b68ccf9bb6b59d72f98fb...
SIGB PMB SQL injection vulnerability
SIGB PMB is an open source integrated library management system from SIGB. A SQL injection vulnerability exists in SIGB PMB version 7.4.6, which stems from insufficient cleanup of the id parameter in the ajax.php endpoint, which could lead to a SQL injection attack...
Incomplete Cleanup
Overview: Affected versions of this package are vulnerable to Incomplete Cleanup in the x/costaking process. An attacker can continue to accrue rewards without maintaining any actual BTC stake by exploiting a state inconsistency that occurs when a Finality Provider becomes inactive at the same blo...
Siemens SIMATIC S7-1500 Incomplete Cleanup (CVE-2024-26835)
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: set dormant flag on hook register failure. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Siemens SIMATIC S7-1500 Incomplete Cleanup (CVE-2024-53164)
In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment. Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen before a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become...