CVE-2025-40124 sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III

In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copyfromtouser for UltraSPARC III Anthony Yznaga tracked down that a BUGON in ext4 code with large folios enabled resulted from copyfromuser returning impossibly large values greater tha...

PT-2025-46713

Name of the Vulnerable Software and Affected Versions cups-filters versions prior to 1.28.18 Description cups-filters includes backends, filters, and other software needed for the CUPS printing service. A flaw exists where a specially crafted PDF file with a large MediaBox value can cause an...

EUVD-2025-50804

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

AZL-69985 CVE-2025-60876 affecting package busybox 1.35.0-18

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

CVE-2025-60876

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

UBUNTU-CVE-2025-60876

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

[SECURITY] Fedora 43 Update: rust-get-size2-0.7.1-1.fc43

Determine the size in bytes an object occupies inside RAM...

BusyBox 安全漏洞

BusyBox is a suite of applications containing several linux commands and tools by the individual developer Denis Vlasenko in Ukraine. A security vulnerability exists in BusyBox 1.3.7 and earlier versions, which stems from the acceptance of C0 control bytes such as raw CR and LF in the target of a...

CVE-2025-60876

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

CVE-2025-60876

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990631)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990631 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: oss: Fix PCM OSS buffer allocation overflow We've got syzbot reports hitting INTMAX overflo...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990413)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990413 advisory. In the Linux kernel, the following vulnerability has been resolved: nvmem: Fix shift-out-of-bound UBSAN with byte size cells If a cell has 'nbits' equal to a multip...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989027)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989027 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990065)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990065 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989045)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989045 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: oss: Fix PCM OSS buffer allocation overflow We've got syzbot reports hitting INTMAX overflo...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...