Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobusgetPhy The caller may pass any value as addr, which could lead to an out-of-bounds access to the mdiomap array. One existing case is in stmmacinitPhy, where -1 may be passed as addr...

CVE-2026-44284

FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected internal/private network URLs, but the MCP tool create/update endpoints could still save an internal...

CVE-2026-34443

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask in app/Misc/Helper.php checks whether the input IP contains a / character. Plain IP addresses never contain /, so the function always returns false without checking any CIDR...

Open5GS 代码问题漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.6 and earlier contain code vulnerabilities due to a null pointer dereferencing issue in the PGW S5U address handling program...

SUSE CVE-2025-59937

go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong...

PT-2025-41038

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s mac80211 module related to the handling of association failures with access points. Specifically, a null pointer dereference can occur when attempting...

CVE-2025-59937 go-mail has insufficient address encoding when passing mail addresses to the SMTP client

go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong...

PT-2025-39914

Name of the Vulnerable Software and Affected Versions go-mail versions 0.7.0 and below Description The go-mail library improperly handles mail.Address values when passed to the SMTP client’s MAIL FROM or RCPT TO commands. This can lead to incorrect address routing or ESMTP parameter smuggling...

PT-2025-51579

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue in the IPv6 implementation related to Address Header AH output processing. Specifically, the ah6 output and ah6 output done functions exhibit...

Linux Distros Unpatched Vulnerability : CVE-2025-1795

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also...

AZL-57893 CVE-2025-27221 affecting package ruby for versions less than 3.3.5-3

In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: For mptcp: pm: fixed ID 0 endp usage after multiple re-creations. The values of ‘localaddrused’ and ‘addaddraccepted’ are decremented for addresses that are not related to the initial subflow ID0. This is because the source an...

DEBIAN-CVE-2024-53100

In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queuelock lock and destroy Commit 76d54bf20cdc "nvme-tcp: don't access released socket during error recovery" added a mutexlock call for the queue-queuelock in nvmetcpgetaddress. However, the mutexlo...

DEBIAN-CVE-2024-43840

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix trampoline for BPFTRAMPFCALLORIG When BPFTRAMPFCALLORIG is set, the trampoline calls bpftrampenter and bpftrampexit functions, passing them the struct bpftrampimage im pointer as an argument in R0. The trampoline...

DEBIAN-CVE-2024-38602

In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issues of ax25dev The ax25addrax25dev and ax25devdevicedown exist a reference count leak issue of the object "ax25dev". Memory leak issue in ax25addrax25dev: The reference count of the object...

The vulnerability of the get_parentControl_list_Info() function in the Tenda AC10 router’s microprogramming software allows a attacker to execute arbitrary code or cause a service failure.

The vulnerability of the getparentControllistInfo function in the Tenda AC10 router’s microprogramming software is related to the execution of operations outside the buffer in memory when processing the urls parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary co...

curl: heap based buffer overflow in the SOCKS5 proxy handshake

A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then...

SUSE CVE-2014-3613

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1...

The vulnerability of the RGW component of the Ceph storage system, which is related to insufficient validation of input data, allows a attacker to trigger a service failure.

The vulnerability of the RGW component of the Ceph storage system is related to incorrect processing of URL addresses that end with two slashes. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

PT-2021-20072 · Apache · Apache Apisix Dashboard

Name of the Vulnerable Software and Affected Versions: Apache APISIX Dashboard version 2.6 Description: The issue arises from a combination of factors, including a change in the default listen host to 0.0.0.0 to facilitate external network access, the use of a risky function for IP acquisition in...