Unity Linux 20.1050e / 20.1070e Security Update: perl-Net-CIDR-Lite (UTSA-2026-016598)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016598 advisory. The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: Fixed the issue of partial SETREGSET for NTARMTAGGEDADDRCTRL. Currently, the taggedaddrctrlset function does not initialize the temporary “ctrl” variable. A SETREGSET call with a length of zero will leave this...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rcv: Fixed a kernel crash caused by PRSETTAGGEDADDRCTRL. When the user space performs PRSETTAGGEDADDRCTRL, but the Supm extension is not available, the kernel crashes: Oops - illegal instruction 1 snip epc:...

Astra Linux - уязвимость в git-lfs

Git LFS is an extension of Git for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host’s URL to the git-credential1 command without checking for embedded line-ending control characters. It then sends any credentials it receives back...

CVE-2026-42043

A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses within the 127.0.0.0/8 range, excluding 127.0.0.1, the attacker can completely bypass the...

Siemens SCALANCE and RUGGEDCOM Devices Access of Uninitialized Pointer (CVE-2024-57874)

arm64: ptrace: vulnerability due to an uninitialized variable in the taggedaddrctrlset function, leading to potential memory leakage from the kernel stack when a zero-length SETREGSET call is made, exposing up to 64 bits of memory. This plugin only works with Tenable.ot. Please visit...

EUVD-2019-11096

Malware in sbrugna...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-408908)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-408908 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NTARMTAGGEDADDRCTRL Currently taggedaddrctrlset doesn't...

CVE-2025-40911

Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are...

CVE-2019-17254

IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at FORMATS!ReadBadPNG+0x0000000000000101...

CVE-2019-17247

IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEGLS+0x0000000000007da8...

DEBIAN-CVE-2025-37966

In the Linux kernel, the following vulnerability has been resolved: riscv: Fix kernel crash due to PRSETTAGGEDADDRCTRL When userspace does PRSETTAGGEDADDRCTRL, but Supm extension is not available, the kernel crashes: Oops - illegal instruction 1 snip epc : settaggedaddrctrl+0x112/0x15a ra :...

UBUNTU-CVE-2025-37966

In the Linux kernel, the following vulnerability has been resolved: riscv: Fix kernel crash due to PRSETTAGGEDADDRCTRL When userspace does PRSETTAGGEDADDRCTRL, but Supm extension is not available, the kernel crashes: Oops - illegal instruction 1 snip epc : settaggedaddrctrl+0x112/0x15a ra :...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-57874)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-57874 advisory. - In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for...

arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL

...

CVE-2025-1204

The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the boot process. If an attacker is able to...

git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs

A flaw was found in the Git LFS git extension. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters and then sends any credentials it receives back from the Gi...

D-Link DIR-816A2 安全漏洞

The D-Link DIR-816A2 is a router from China's AUO D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control in the form2WlAc.cgi component, which can be exploited by an unauthenticated attacker to set 2.4G and 5G MAC access control via...

CVE-2024-57874

In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NTARMTAGGEDADDRCTRL Currently taggedaddrctrlset doesn't initialize the temporary 'ctrl' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently...

SUSE CVE-2024-57874

In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NTARMTAGGEDADDRCTRL Currently taggedaddrctrlset doesn't initialize the temporary 'ctrl' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently...