Astra Linux - уязвимость в linux, linux-5.10

A flaw was discovered in the Linux SCTP stack. A blind attacker may be able to terminate an existing SCTP connection by using invalid chunks, provided that the attacker knows the IP addresses and port numbers being used, and that the attacker can send packets with spoofed IP addresses...

Microsoft Windows Server Domain Role Detection

SMB-login based domain role detection with powershell fallback for Windows Server. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001484)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001484 advisory. A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002322)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002322 advisory. The netgetrandomonce implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended...

NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow

Impact A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the...

CVE-2023-53465

CVE-2023-53465 : Linux kernel vulnerability in the SoundWire qcom driver where qcom_swrm_ctrl->pconfig (14 entries) can be written past bounds because indexing starts at 1 instead of 0, corrupting the next struct member. Exploitation is local (per CVSS: 7.1, HIGH impact on availability/Confide...

CVE-2022-28166

In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers ssl-static-key-ciphers on ports 443 & 18082...

kernel: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()

A flaw was found in the quatech2 module in the Linux kernel. An incorrect check for invalid port numbers can cause a NULL pointer dereference and result in a denial of service...

CVE-2022-43934

Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095...

UBUNTU-CVE-2024-50075

In the Linux kernel, the following vulnerability has been resolved: xhci: tegra: fix checked USB2 port number If USB virtualizatoin is enabled, USB2 ports are shared between all Virtual Functions. The USB2 port number owned by an USB2 root hub in a Virtual Function may be less than total USB2 phy...

CVE-2024-42073

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumbuffers: Fix memory corruptions on Spectrum-4 systems The following two shared buffer operations make use of the Shared Buffer Status Register SBSR: devlink sb occupancy snapshot pci/0000:01:00.0 devlink sb occupan...

CVE-2022-29606

An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent and flow rules in the network...

Design/Logic Flaw

An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent and flow rules in the network...

CVE-2022-29606

An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent and flow rules in the network...

PT-2023-12981 · Onos · Onos

Name of the Vulnerable Software and Affected Versions: ONOS version 2.5.1 Description: An issue was discovered where an intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent an...

Open Networking Foundation ONOS 输入验证错误漏洞

Open Networking Foundation ONOS is an open source SDN controller from Open Networking Foundation open source. It is used to build next-generation SDN/NFV solutions. A security vulnerability exists in Open Networking Foundation ONOS version 2.5.1, which stems from the fact that intents with large...

RHEL 7 : java-1.8.0-ibm (RHSA-2022:8880)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8880 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...

Ubuntu: Security Advisory (USN-5719-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

Moderate: Red Hat Security Advisory: OpenJDK 8u352 Windows Security Update

The Red Hat build of OpenJDK 8 java-1.8.0-openjdk is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...