9 matches found
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: comedi: multiq3: sanitize config options in multiq3_attach Syzbot identified an issue [1] in multiq3_attach that induces a task timeout due to open or COMEDI_DEVCONFIG ioctl operations, specifically, in the case of multiq3 driver. Thi...
SUSE-SU-2026:21203-1 Security update for strongswan
This update for strongswan fixes the following issues: Update to strongswan 6.0.4: - CVE-2025-9615: NetworkManager File Access (bsc#1257359). - CVE-2026-25075: Integer Underflow When Handling EAP-TTLS AVP (bsc#1259472). Changes for strongswan: - Fixed a vulnerability in the NetworkManager plugin that...
EUVD-2019-0728
Malware in sbrugna...
CVE-2025-21776 USB: hub: Ignore non-compliant devices with too many configs or interfaces
In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can cause usb_hub_to_struct_hub to dereference a NULL or inappropriate pointer: Oops: general protection fault,...
CVE-2022-49570
CVE-2022-49570 affects the Linux kernel gpio-xilinx driver. The issue is an integer overflow caused by an overflow-prone data type that prevents configuring more than 32 pins; the fix casts to unsigned long to handle larger pin counts. Public references point to kernel stable tree patches (e.g., git.kernel....
CVE-2022-24715
CVE-2022-24715 affects Icinga Web 2. Authenticated users with access to the configuration can create SSH resource files in unintended directories, enabling arbitrary code execution. The issue is fixed in Icinga Web 2 releases 2.8.6, 2.9.6, and 2.10. Upgrading is the recommended remediation; if up...
AZL-6853 CVE-2021-41099 affecting package redis for versions less than 6.2.6-1
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result in denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len...
Test configuration carryover to production deployment limits pool users to 5
Handle: 0xRajeev. Vulnerability details. Impact: The project uses a data structure for indexing ticket tokens/users called SortitionSumTreeFactory which, as explained in the overview video (time 14:20-14:50), is used to capture users’ token balances in the leaves where internal nodes represent their sums...
Elasticsearch 1.5.2 File Creation Vulnerability
Elasticsearch versions 1.0.0 through 1.5.2 are vulnerable to an engineered attack on other applications on the system. The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process. It is possible to create...