Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ftruncate: passing a signed offset. The old ftruncate system call, which used the 32-bit offt type, missed a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally...

Handlebars.js has a Property Access Validation Bypass in container.lookup

Summary In lib/handlebars/runtime.js, the container.lookup function uses container.lookupProperty as a gate check to enforce prototype-access controls, but then discards the validated result and performs a second, unguarded property access depthsiname. This Time-of-Check Time-of-Use TOCTOU patter...

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the lookup function. An attacker can access properties that should be restricted by bypassing...

EUVD-2025-203740

In the Linux kernel, the following vulnerability has been resolved: comedi: check device's attached status in compat ioctls Syzbot identified an issue 1 that crashes kernel, seemingly due to unexistent callback dev-getvalidroutes. By all means, this should not occur as said callback must always b...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989289)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989289 advisory. In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix data-races around nexthopcompatmode. While reading nexthopcompatmode, it can be...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990249)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990249 advisory. In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate syscall, using the 32-bit offt misses a sign...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989830)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989830 advisory. In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate syscall, using the 32-bit offt misses a sign...

EUVD-2018-5846

Malware in sbrugna...

DEBIAN-CVE-2022-49629

In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix data-races around nexthopcompatmode. While reading nexthopcompatmode, it can be changed concurrently. Thus, we need to add READONCE to its readers...

UBUNTU-CVE-2022-49629

In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix data-races around nexthopcompatmode. While reading nexthopcompatmode, it can be changed concurrently. Thus, we need to add READONCE to its readers...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that nexthopcompatmode may be concurrently modified during reads, resulting in data contention...

SUSE CVE-2024-42084

In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate syscall, using the 32-bit offt misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally succeeds in truncati...

DEBIAN-CVE-2024-42084

In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate syscall, using the 32-bit offt misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally succeeds in truncati...

UBUNTU-CVE-2024-42084

In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate syscall, using the 32-bit offt misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally succeeds in truncati...

UBUNTU-CVE-2021-47364

In the Linux kernel, the following vulnerability has been resolved: comedi: Fix memory leak in compatinsnlist compatinsnlist handles the 32-bit version of the COMEDIINSNLIST ioctl whenwhen CONFIGCOMPAT is enabled. It allocates memory to temporarily hold an array of struct comediinsn converted fro...

kernel: nexthop: Fix data-races around nexthop_compat_mode.

In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix data-races around nexthopcompatmode. While reading nexthopcompatmode, it can be changed concurrently. Thus, we need to add READONCE to its readers...

Linux Kernel 2.6.27+ - x86_64 compat Local Root Exploit

No description provided by source. / Ac1dB1tch3z Vs Linux Kernel x8664 0day Today is a sad day.. R.I.P. Tue, 29 Apr 2008 / Tue, 7 Sep 2010 a bit of history: MCASTMSFILTER Compat mode bug found... upon commit! 2 year life on this one author David L Stevens dlstevens us ibm com Tue, 29 Apr 2008...

openSUSE Security Update : yast2-core (openSUSE-SU-2011:0921-2)

This update contains yast2 core changes to change the hash generation of new passwords to the new secure style. Please read the general notes below : The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters e.g. umlauts. Affected...

SuSE 10 Security Update : glibc (ZYPP Patch Number 7663)

The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters e.g. umlauts. Affected passwords are potentially faster to crack via brute-force methods. CVE-2011-2483 SUSE's crypt implementation supports the blowfish password hashing...

SuSE 10 Security Update : glibc (ZYPP Patch Number 7659)

The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters e.g. umlauts. Affected passwords are potentially faster to crack via brute-force methods. CVE-2011-2483 SUSE's crypt implementation supports the blowfish password hashing...