15 matches found
Astra Linux - vulnerability in heimdal
The fix for CVE-2022-3437 involved changing the memcmp function to run in constant time, as well as providing a workaround for a compiler bug by adding comparisons of the result with the value “!= 0” to the memcmp function. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0...
Oracle Linux 9 : bind9.18 (ELSA-2026-7915)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-7915 advisory. - Correct backport issue in the patch CVE-2026-1519 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
bind9.18 security update
32:9.18.29-5.4 - Correct backport issue in the patch CVE-2026-1519 32:9.18.29-5.3 - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519...
EUVD-2023-36879
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-6056
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via a...
Canon ImageRunner security vulnerability
Canon ImageRunner is a series of all-in-one black and white printers from Canon Japan. A security vulnerability exists in Canon ImageRunner that stems from a backport issue with office/small office multifunction printers and laser printers...
CVE-2025-27363
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a...
CVE-2021-47436
In the Linux kernel, the following vulnerability has been resolved: usb: musb: dsps: Fix the probe error path Commit 7c75bde329d7 "usb: musb: musb_dsps: request_irq after initializing musb" has inverted the calls to dsps_setup_optional_vbus_irq and dsps_create_musb_pdev without updating correctly the erro...
DEBIAN-CVE-2021-47436
In the Linux kernel, the following vulnerability has been resolved: usb: musb: dsps: Fix the probe error path Commit 7c75bde329d7 "usb: musb: musb_dsps: request_irq after initializing musb" has inverted the calls to dsps_setup_optional_vbus_irq and dsps_create_musb_pdev without updating correctly the erro...
DEBIAN-CVE-2022-45142
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...
SUSE CVE-2017-2628
curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl...
SUSE CVE-2019-15239
In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting...
CVE-2017-2628
curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl...
UBUNTU-CVE-2017-6056
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the f...
DEBIAN-CVE-2015-3332
A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allows local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/enable-tcp-fast-open URL wh...