44 matches found
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: dm cache: Fixed an issue where out-of-bounds access to the dirty bitset occurred during resizing. The dm-cache checks the dirty bits of the cache blocks that need to be dropped when shrinking the fast device. However, an indexing...
GHSA-6973-8887-87FF nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation
Impact: SkipBlockProof::verify computes its quorum check using BitSet.len, then iterates BitSet indices and casts each usize index to u16 (slot as u16) for slot lookup. If an attacker can get a SkipBlockProof verified where MultiSignature.signers contains out-of-range indices spaced by 65536, these...
EUVD-2026-25054
nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation...
nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation
Impact: SkipBlockProof::verify computes its quorum check using BitSet.len, then iterates BitSet indices and casts each usize index to u16 (slot as u16) for slot lookup. If an attacker can get a SkipBlockProof verified where MultiSignature.signers contains out-of-range indices spaced by 65536, these...
CVE-2026-33471
nimiq-block contains block primitives to be used in Nimiq's Rust implementation. SkipBlockProof::verify computes its quorum check using BitSet.len, then iterates BitSet indices and casts each usize index to u16 (slot as u16) for slot lookup. Prior to version 1.3.0, if an attacker can get a...
CVE-2026-33471 nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation
nimiq-block contains block primitives to be used in Nimiq's Rust implementation. SkipBlockProof::verify computes its quorum check using BitSet.len, then iterates BitSet indices and casts each usize index to u16 (slot as u16) for slot lookup. Prior to version 1.3.0, if an attacker can get a...
CVE-2026-33471
CVE-2026-33471 affects nimiq/core-rs-albatross (Rust Nimiq PoS) prior to v1.3.0. The vulnerability arises in SkipBlockProof::verify, which checks quorum using BitSet.len() and then casts each index (slot as u16) for lookup. Attackers can craft a SkipBlockProof where out-of-range indices spaced ...
CVE-2026-33471 nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation
nimiq-block contains block primitives to be used in Nimiq's Rust implementation. SkipBlockProof::verify computes its quorum check using BitSet.len, then iterates BitSet indices and casts each usize index to u16 (slot as u16) for slot lookup. Prior to version 1.3.0, if an attacker can get a...
Nimiq input validation error vulnerability
Nimiq is an open-source implementation of the Albatross protocol in Rust. Prior to Nimiq 1.3.0, there was a vulnerability related to input validation. This vulnerability stemmed from the use of BitSet.len in SkipBlockProof::verify, which calculates the for slot checks. This process involves...
PT-2026-34542
Name of the Vulnerable Software and Affected Versions: nimiq-block versions prior to 1.3.0. Description: The SkipBlockProof::verify function computes its quorum check using BitSet.len, then iterates through BitSet indices and casts each usize index to u16 (slot as u16) for slot lookup. An integer...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006634)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006634 advisory. In the Linux kernel, the following vulnerability has been resolved: dm mirror log: round up region bitmap size to BITS_PER_LONG. The code in dm-log rounds up bitset_size...
Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.3 fixes various security issues. The following security issues were fixed: CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1249455). CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers...
MiracleLinux 7 : php-5.4.16-48.0.12.el7.AXS7 (AXSA:2025-10958:11)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10958:11 advisory. CVE-2017-9228: fix heap out-of-bounds write in bitset_set_range and parse_char_class functions. CVEs: CVE-2017-9228. Tenable has extracted the preceding descripti...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-50279)
dm cache: out-of-bounds access to the dirty bitset when resizing. dm-cache checks the dirty bits of the cache blocks to be dropped when shrinking the fast device, but an index bug in bitset iteration causes out-of-bounds access. This plugin only works with Tenable.ot. Please visit...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-400773)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-400773 advisory. In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing. dm-cache checks the dirty bi...
CLSA-2025-1759222758 ruby: Fix of 4 CVEs
CVE-2016-2337: Fix type confusion in _cancel_eval Ruby's TclTkIp class method to prevent arbitrary code execution - CVE-2017-9224: Fix stack out-of-bounds read in match_at during regular expression searching - CVE-2017-9227: Fix stack out-of-bounds read in mbc_enc_len and invalid pointer dereference...
CLSA-2025-1758896397 php: Fix of CVE-2017-9228
CVE-2017-9228: fix heap out-of-bounds write in bitset_set_range and parse_char_class functions...
CLSA-2025-1758892982 php: Fix of CVE-2017-9228
CVE-2017-9228: fix heap out-of-bounds write in bitset_set_range and parse_char_class functions...
CLSA-2025-1758892974 php: Fix of CVE-2017-9228
CVE-2017-9228: fix heap out-of-bounds write in bitset_set_range and parse_char_class functions...
CLSA-2025-1757523459 php: Fix of 4 CVEs
Fix multiple vulnerabilities in oniguruma: - CVE-2017-9224: out-of-bounds read in match_at - CVE-2017-9226: heap buffer overflow in next_state_val - CVE-2017-9227: out-of-bounds read in mbc_enc_len - CVE-2017-9228: out-of-bounds heap write in bitset_set_range...