Astra Linux - уязвимость в mbedtls

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses typically, an untrusted operating system attacking a secure enclave can recover an RSA private key after observing the victim performing a single...

JLSEC-2026-123

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP...

CLSA-2026-1774375084 libarchive: Fix of CVE-2026-4111

CVE-2026-4111: Fix infinite loop in RAR5 decompression caused by blocklength exceeding half the window size, leading to CPU-consuming denial-of-service...

CVE-2026-4424 Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR...

libarchive 缓冲区错误漏洞

Libarchive is an open-source multi-format archiving and compression library developed by Libarchive. Libarchive has a buffer error vulnerability, which stems from heap out-of-bounds reads in the RAR archiving processing logic. Improper validation of the LZSS sliding window size after the...

JLSEC-2025-219 An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses typically, an untrusted operating system attacking a secure enclave can recover an RSA private key after observing the victim performing a single...

From LLMs to Agents: A Comparative Evaluation of LLMs and LLM-Based Agents in Security Patch Detection

The widespread adoption of open-source software OSS has accelerated software innovation but also increased security risks due to the rapid propagation of vulnerabilities and silent patch releases. In recent years, large language models LLMs and LLM-based agents have demonstrated remarkable...

EUVD-2023-45820

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2007-0086

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service network bandwidth...

Linux Distros Unpatched Vulnerability : CVE-2004-0230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service connection loss to persistent...

Linux Distros Unpatched Vulnerability : CVE-2019-9511

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The...

DEBIAN-CVE-2025-48074

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...

CVE-2025-48074

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...

curl: Integer Overflow Risk in HTTP/2 Proxy Window Size Calculations

Summary: The HTTP/2 proxy implementation in curl contains potential integer overflow vulnerabilities in buffer size calculations that could lead to memory corruption or denial of service. AI Usage Statement: This report was prepared by a human security researcher after manual code review. No AI w...

CVE-2023-41304

Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window...

UBUNTU-CVE-2022-49330

In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcpmtupprobesuccess vs wrong sndcwnd syzbot got a new report 1 finally pointing to a very old bug, added in initial support for MTU probing. tcpmtuprobe has checks about starting an MTU probe if tcpsndcwndtp = 11. But...

Synology DSM HTTP/2 Implementations Window Size and Stream Prioritization Manipulation (CVE-2019-9511)

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

Screen Refresh Issues Through a Seamless Pass-Through Session

The screen might not repaint properly because of a poor refresh rate. Therefore, certain areas of the application appear grayed out or distorted. This happens when running an application in seamless mode while utilizing the pass-through client on the server. Manually refreshing the application do...

PT-2024-21887 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A data-race issue has been identified around sysctl netrom transport requested window size in the netrom component. Recommendations: At the moment, there is no information about a newe...