21 matches found
SUSE CVE-2026-43410
In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update RSU isn't enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when excute...
EUVD-2026-28716
In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update RSU isn't enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when excute...
CVE-2026-43410
In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update RSU isn't enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when excute...
UBUNTU-CVE-2026-43410
In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update RSU isn't enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when excute...
CVE-2026-43410
Summary: CVE-2026-43410 affects the Linux kernel firmware driver for Stratix 10 RSU. When RSU is not enabled in the FSBL, the driver can NULL-dereference via svc_normal_to_secure_thread(), causing a kernel panic. The root cause is rsu_send_async_msg() freeing the channel on failure, while the pro...
PT-2026-39071
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the stratix10-rsu firmware driver when Remote System Update RSU is disabled in the First Stage Boot Loader FSBL. The issue arises because the rsu sen...
CVE-2026-40490
The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled followRedirecttrue, versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers...
com.akamai.edgegrid:edgegrid-signer-async-http-client (>=6.0.1 <=6.0.3-rc.1), com.arpnetworking.metrics:mad-experimental (>=1.2.4 <=1.2.11) +48 more potentially affected by CVE-2026-40490 via org.asynchttpclient:async-http-client (>=3.0.0.Beta1 <=3.0.7)
org.asynchttpclient:async-http-client MAVEN version =3.0.0.Beta1, =6.0.1, =1.2.4, =1.22.5, =1.13.8, =1.1.0, =0.4.8, =0.4.8, =0.4.8, =1.17.0, =1.17.0, =1.17.0, =0.5.0, =218.0.0, =14.5.0, =16.0.0 and more Source cves: CVE-2026-40490 Source advisory: OSV:GHSA-CMXV-58FP-FM3G...
EUVD-2024-41615
Malicious code in bioql PyPI...
BIT-ENVOY-2024-45810 Envoy crashes for LocalReply in http async client
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling sendLocalReply under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the sendLocalReply in http async client, one...
CVE-2024-45810
A flaw was found in Envoy. Envoy will crash when the http async client is handling sendLocalReply under some circumstances, such as websocket upgrade and requests mirroring. The http async client will crash during the sendLocalReply in http async client if the http async client is duplicating the...
CVE-2024-45810
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling sendLocalReply under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the sendLocalReply in http async client, one...
CVE-2024-45810
CVE-2024-45810 affects Envoy. The vulnerability is a crash in the HTTP async client when handling sendLocalReply under certain conditions (e.g., websocket upgrade or request mirroring). Root causes described include duplicate status code handling and destructor-order issues in the async stream, l...
CVE-2024-45810 Envoy crashes for LocalReply in http async client
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling sendLocalReply under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the sendLocalReply in http async client, one...
CVE-2024-45810 Envoy crashes for LocalReply in http async client
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling sendLocalReply under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the sendLocalReply in http async client, one...
CVE-2024-45810 Envoy crashes for LocalReply in http async client
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling sendLocalReply under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the sendLocalReply in http async client, one...
CVE-2024-34364 Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response
Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory OOM vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer...
CVE-2024-34364 Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response
Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory OOM vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer...
CVE-2022-31162
Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive...
Information disclosure
Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive...