44 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Fuse: Fixed corruption of the io-uring list for terminated, uncommitted requests. When a request terminates before it has been committed, the request is not removed from the queue’s list. This results in a dangling list entry,...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoided using partially committed contexts One major use of damoncall is the update of DAMON parameters during operation. This is done by calling damoncommitctx within the damoncall callback function. damoncommitct...
Strategic Commitments Shape Collective Cybersecurity under AI Inequality
The growing integration of AI into cybersecurity is reshaping the balance between attackers and defenders. When access to advanced AI-enabled defence tools is uneven, resource-limited defenders may be unable to adopt effective protection, creating persistent system vulnerabilities. We study the...
CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-33948)
The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-33948 advisory. - jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b...
Qualys VMDR and TotalCloud™ Now Available on Oracle Cloud Marketplace
Key Takeaways Qualys VMDR and TotalCloud are now available on the Oracle Cloud Marketplace, simplifying procurement and deployment for Oracle Cloud Infrastructure OCI customers. Organizations can deploy security faster with native OCI integration and one-click provisioning. The combined platform...
EUVD-2026-16734
AVideo Vulnerable to Wallet Balance Double-Spend via TOCTOU Race Condition in transferBalance...
EUVD-2026-8893
Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Checkout session is...
kernel: Linux kernel: Data corruption and system instability due to improper io_uring/net buffer handling
A flaw was found in the Linux kernel's iouring/net component. This vulnerability arises when ring provided buffers are partially committed during network operations, particularly when MSGWAITALL is enabled or with streaming sockets. A local attacker could exploit this by causing multiple socket...
kernel: Linux kernel: Data corruption and system instability due to improper io_uring/net buffer handling
A flaw was found in the Linux kernel's iouring/net component. This vulnerability arises when ring provided buffers are partially committed during network operations, particularly when MSGWAITALL is enabled or with streaming sockets. A local attacker could exploit this by causing multiple socket...
SUSE CVE-2025-68805
In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list entry that leads to...
CVE-2025-68805
In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list entry that leads to...
CVE-2025-68805
In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list entry that leads to...
CVE-2025-68805
In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list entry that leads to...
CVE-2025-68805
CVE-2025-68805 (fuse/io_uring) is addressed in OS/kernel security updates. Root cause: when an io-uring request is terminated before being committed, it remained in the queue, creating a dangling list entry that caused list corruption and use-after-free. Impact: potential corruption of the queue’...
CVE-2025-68805
In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list entry that leads to...
CVE-2025-68805 fuse: fix io-uring list corruption for terminated non-committed requests
In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list entry that leads to...
CVE-2025-68805 fuse: fix io-uring list corruption for terminated non-committed requests
In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list entry that leads to...
PT-2026-2537
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s fuse implementation related to io-uring. Specifically, when a request is terminated before commitment, it isn’t removed from the queue’s list, resulti...
PT-2025-48098
Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys SUPABASE API KEY, TOKEN are loaded using environment variables, but there are cases in code error handling, summaries, webhooks where configuration summaries may inadvertently leak...
CVE-2025-11234
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...