1035127 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fixed the NFSv4.2 kernel bug at mm/usercopy.c:102. A call to listxattr with a buffer size of 0 returns the actual size of the buffer required for a subsequent call. When size 0, nfs4listxattr does not return an error...
Astra Linux - уязвимость в openssl1.0
There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: ext4: fixed the bug in ext4writepages We encountered the following issue: EXT4-fs error device loop0: ext4mbgeneratebuddy:1141: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls ------------ cut here...
Astra Linux - уязвимость в qemu
A out-of-bounds heap buffer access issue was identified in the ARM Generic Interrupt Controller emulator of QEMU, as of and including qemu 4.2.0 on the aarch64 platform. The issue arises because, when writing an interrupt ID to the controller’s memory area, it is not masked to be 4 bits wide. Thi...
Astra Linux - уязвимость в pillow
A issue was discovered in Pillow prior to version 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to handle any combination of \r and \n as line endings. This implementation uses a quadratic method of accumulating lines while searching for a line ending. A malicious EPS...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fixed an out-of-bounds access in parseintegerlimit. When configuring osnoisecpus using the write system call, the following KASAN exception may occur: BUG: KASAN: Out-of-bounds access in...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: hamradio: Fixed a memory leak in mkissclose. My local syzbot instance encountered a memory leak in mkissopen. The issue was due to the missing freenetdev call in mkissclose. In mkissopen, netdevice is allocated and then...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: scsi: scsi.debug: Fixed an out-of-bound read in respreporttgtpgs. The following issues were observed while running syzkaller: BUG: KASAN: Out-of-bound access in memcpy in include/linux/string.h:377 inline. BUG: KASAN:...
Astra Linux - уязвимость в vim
Incorrect calculation of buffer size in the GitHub repository for vim/vim before version 9.0.1378...
SUSE CVE-2024-4032
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...
firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Libraries component in NSS...
CVE-2026-34970
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2...
CVE-2026-34754
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2...
Amazon Linux 2023 : ecs-init (ALAS2023-2026-1637)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1637 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021616)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021616 advisory. In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in...
RHEL 8 : firefox (RHSA-2026:19542)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19542 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
PT-2026-42367
openvpn-auth-oauth2 returns FUNC SUCCESS on client-deny, allowing unauthenticated VPN access in github.com/jkroepke/openvpn-auth-oauth2...
ALSA-2026:19568 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit CVE-2025-39766 kernel: scsi: qla2xxx: Fix improper freeing of purex item CVE-2025-68741 kernel: libceph: make decodepool...
Mantis Bug Tracker 信息泄露漏洞
Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.1 contained a vulnerability related to information leakage. This vulnerability stemmed from allowing incorrect annotators to access the revised pages of...
PT-2026-42125
Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions 1.19.1 through 1.25.0 Description A flaw in the DNSSEC validator allows for denial of service and potential remote code execution. The issue occurs during the deep copying of a data structure when DS sub-queries...