DEBIAN-CVE-2024-57839
In the Linux kernel, the following vulnerability has been resolved: Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()" This reverts commit 7c877586da3178974a8a94577b6045a48377ff25. Anders and Philippe have reported that recent kernels occasionally hang when used wit...
CVE-2024-57843
CVE-2024-57843: In the Linux kernel, a vulnerability in virtio-net can cause overflow in virtnet_rq_alloc when a fragment spans a page and the total buffer size plus virtnet_rq_dma exceeds one page. This can lead to reliable VM crashes or SCP failures. Root cause: virtnet_rq_dma reserves 16 byte...
CVE-2024-57839
Technical details for CVE-2024-57839 are not provided in the connected documents. Public info appears limited to the initial description; monitor for official advisories for affected products, impact, and fixes.
CVE-2024-57839 Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()"
In the Linux kernel, the following vulnerability has been resolved: Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()" This reverts commit 7c877586da3178974a8a94577b6045a48377ff25. Anders and Philippe have reported that recent kernels occasionally hang when used wit...
DEBIAN-CVE-2024-57806
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction atomicity bug when enabling simple quotas Set squota incompat bit before committing the transaction that enables the feature. With the config CONFIG_BTRFS_ASSERT enabled, an assertion failure occurs regarding...
CVE-2024-12084
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer...
GHSA-6GF2-FFQ8-GCWW GHSL-2024-288: SickChill open redirect in login
SickChill is an automatic video library manager for TV shows. A user-controlled login endpoint's next parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open...
CVE-2024-53995
SickChill is an automatic video library manager for TV shows. A user-controlled login endpoint's next parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open...
MAL-2025-33 Malicious code in pre-commit-tasks (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3f86360c5d5f5979a278474cb95f178bed388a7ce152931eee872318ac5fcd3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pre-commit-tasks (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3f86360c5d5f5979a278474cb95f178bed388a7ce152931eee872318ac5fcd3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-21609 SiYuan has an arbitrary file deletion vulnerability
SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...
PT-2025-34638 · Libbiosig +1
Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 and Master Branch 35a819fa Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability...
PT-2025-34645 · Libbiosig +1
Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 and Master Branch 35a819fa Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability...
PT-2025-34619
Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 and Master Branch 35a819fa Description: A stack-based buffer overflow exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious...
PT-2026-21540
Name of the Vulnerable Software and Affected Versions: strukturag libde265 versions prior to commit d9fea9d Description: A segmentation fault exists in strukturag libde265 due to an issue within the decoder_context::compute_framedrop_table component. This can lead to a program crash. Recommendation...
PT-2025-34642 · Libbiosig +1
Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 and Master Branch 35a819fa Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability...
PT-2025-34639 · Libbiosig +1
Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 and Master Branch 35a819fa Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability...
PT-2025-34363
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A race condition exists in the packet_set_ring and packet_notifier functions within the net/packet module. This occurs when packet_set_ring releases po->bind_lock, allowing another thre...
CVE-2024-56517 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php
LGSL Live Game Server List provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the Referer HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the...
CVE-2024-56625
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_set_termination(): allow sleeping GPIOs In commit 6e86a1543c37 "can: dev: provide optional GPIO based termination support" GPIO based termination support was added. For no particular reason that patch uses gpiod_set_value...