17 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: - In net: The variable sk-skfamily was read once in the function skmcloop. - syzbot is frequently using IPV6ADDRFORM; it managed to trigger the WARNONONCE1 function in skmcloop. We have many more similar issues that need to be...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013202)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013202 advisory. In the Linux kernel, the following vulnerability has been resolved: net: read sk-skfamily once in skmcloop syzbot is playing with IPV6ADDRFORM quite a lot these days...
GHSA-2XC6-348P-C2X6 Sylius affected by IDOR in Cart and Checkout LiveComponents
Impact An authenticated Insecure Direct Object Reference IDOR vulnerability exists in multiple shop LiveComponents due to unvalidated resource IDs accepted via LiveArg parameters. Unlike props, which are protected by LiveComponent's @checksum, args are fully user-controlled - any action that...
CVE-2023-53831
A data race was found in the Linux kernel's networking stack. The skmcloop function reads sk-skfamily without proper synchronization while another thread may be changing it via IPV6ADDRFORM socket option. This race can cause the function to take an unexpected code path, triggering a WARNONONCE or...
SUSE CVE-2023-53831
In the Linux kernel, the following vulnerability has been resolved: net: read sk-skfamily once in skmcloop syzbot is playing with IPV6ADDRFORM quite a lot these days, and managed to hit the WARNONONCE1 in skmcloop We have many more similar issues to fix. WARNING: CPU: 1 PID: 1593 at...
EUVD-2023-60165
In the Linux kernel, the following vulnerability has been resolved: net: read sk-skfamily once in skmcloop syzbot is playing with IPV6ADDRFORM quite a lot these days, and managed to hit the WARNONONCE1 in skmcloop We have many more similar issues to fix. WARNING: CPU: 1 PID: 1593 at...
CVE-2023-53831
In the Linux kernel, the following vulnerability has been resolved: net: read sk-skfamily once in skmcloop syzbot is playing with IPV6ADDRFORM quite a lot these days, and managed to hit the WARNONONCE1 in skmcloop We have many more similar issues to fix. WARNING: CPU: 1 PID: 1593 at...
CVE-2023-53831 net: read sk->sk_family once in sk_mc_loop()
In the Linux kernel, the following vulnerability has been resolved: net: read sk-skfamily once in skmcloop syzbot is playing with IPV6ADDRFORM quite a lot these days, and managed to hit the WARNONONCE1 in skmcloop We have many more similar issues to fix. WARNING: CPU: 1 PID: 1593 at...
CVE-2023-53831
In the Linux kernel, the following vulnerability has been resolved: net: read sk-skfamily once in skmcloop syzbot is playing with IPV6ADDRFORM quite a lot these days, and managed to hit the WARNONONCE1 in skmcloop We have many more similar issues to fix. WARNING: CPU: 1 PID: 1593 at...
PT-2025-49722
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.40-syzkaller Description The Linux kernel contains an issue where the sk family is read only once in the sk mc loop function. This was discovered by syzbot while testing with IPV6 ADDRFORM. The issue occurs...
CVE-2024-49708
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for setting delivery address with a malicious script, what causes the script to run in user's context. This vulnerability...
kernel: memory leak in ipv6_renew_options()
A memory leak flaw was found in the Linux kernel’s IPv6 functionality in how a user triggers the setsockopt of the IPV6ADDRFORM and IPV6DSTOPTS type. This flaw allows a user to crash the system if the setsockopt function is being called simultaneously with the IPV6ADDRFORM type and other processe...
kernel: memory leak in ipv6_renew_options()
A memory leak flaw was found in the Linux kernel’s IPv6 functionality in how a user triggers the setsockopt of the IPV6ADDRFORM and IPV6DSTOPTS type. This flaw allows a user to crash the system if the setsockopt function is being called simultaneously with the IPV6ADDRFORM type and other processe...
kernel: memory leak in ipv6_renew_options()
A memory leak flaw was found in the Linux kernel’s IPv6 functionality in how a user triggers the setsockopt of the IPV6ADDRFORM and IPV6DSTOPTS type. This flaw allows a user to crash the system if the setsockopt function is being called simultaneously with the IPV6ADDRFORM type and other processe...
kernel: memory leak in ipv6_renew_options()
A memory leak flaw was found in the Linux kernel’s IPv6 functionality in how a user triggers the setsockopt of the IPV6ADDRFORM and IPV6DSTOPTS type. This flaw allows a user to crash the system if the setsockopt function is being called simultaneously with the IPV6ADDRFORM type and other processe...
kernel: memory leak in ipv6_renew_options()
A memory leak flaw was found in the Linux kernel’s IPv6 functionality in how a user triggers the setsockopt of the IPV6ADDRFORM and IPV6DSTOPTS type. This flaw allows a user to crash the system if the setsockopt function is being called simultaneously with the IPV6ADDRFORM type and other processe...
Improper Neutralization of Equivalent Special Elements
Overview Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements due to improper user input validation, which allows HTML injection in the forms/Address page fields. Remediation Upgrade BTCPayServer.Client to version 1.7.3 or higher. References -...