Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: In the net: rose module, the function rosekillbydevice collects sockets into a local array, and then iterates over those arrays to disconnect sockets bound to devices that are being shut down. The loop mistakenly indexes arraycnt...

CVE-2026-41232 Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index that Allows Cross-Customer Email Spoofing

Froxlor is open source server administration software. Prior to version 2.3.6, in EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to...

Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer Email Spoofing

Summary In EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to validateLocalDomainOwnership. This causes the ownership check to always pass for non-existent...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990541)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990541 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diAlloc Currently there is not check against the agno of th...

Siemens SIMATIC and SCALANCE Devices Improper Validation of Array Index (CVE-2025-21692)

net: sched: fix ets qdisc OOB Indexing This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503404; scriptversion"1.3";...

Siemens SIMATIC Devices Improper Validation of Array Index (CVE-2024-38587)

In the Linux kernel, the following vulnerability has been resolved: speakup: Fix sizeof vs ARRAYSIZE bug The buf pointer is an array of u16 values. This code should be using ARRAYSIZE which is 256 instead of sizeof which is 512, otherwise it can the still got out of bounds. This plugin only works...

Azure Linux 3.0 Security Update: kernel (CVE-2024-53156)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53156 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for...

CVE-2024-46821

...

SUSE CVE-2024-43858

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix array-index-out-of-bounds in diFree...

[slackware-security] xine-lib

New xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2008-0073 Here are the details from the Slackware...

Buffer overflow in crypto.signText() — Mozilla

Mikolaj Habryn discovered an array index bug in crypto.signText that results in overflowing an allocated array of pointers by two when optional Certificate Authority name arguments are passed in...