pyload - Log Injection

A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. id: CVE-2024-21645 info: name: pyload - Log Injection author: isacaya severity: medium description: | A log injection...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: mana: Fixed error handling for TX CQE messages. For an unknown type of TX CQE error likely due to newer hardware, still free the SKB, update the queue tail, etc. Otherwise, the accounting data will be incorrect...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: jfs: Verify the inode mode when loading from disk. The inode mode loaded from a corrupted disk may be invalid. Do as described in the commit 0a9e74051313 “isofs: Verify the inode mode when loading from disk”...

kernel: libceph: make decode_pool() more resilient against corrupted osdmaps

In the Linux kernel, the following vulnerability has been resolved: libceph: make decodepool more resilient against corrupted osdmaps If the osdmap is maliciously corrupted such that the encoded length of cephpgpool envelope is less than what is expected for a particular encoding version,...

kernel: libceph: make decode_pool() more resilient against corrupted osdmaps

In the Linux kernel, the following vulnerability has been resolved: libceph: make decodepool more resilient against corrupted osdmaps If the osdmap is maliciously corrupted such that the encoded length of cephpgpool envelope is less than what is expected for a particular encoding version,...

Important: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

SUSE CVE-2026-45915

In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect inlink e.g. 2 even though subdirectories exist. rmdir then unconditionally calls dropnlinkdir and can drive inlink...

CVE-2026-45915

A flaw was found in the Linux kernel's handling of FAT File Allocation Table filesystems. When processing corrupted FAT images, the rmdir function can incorrectly decrement the parent directory's link count. This underflow can lead to a system instability or a denial of service DoS by triggering ...

CVE-2026-46032

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM nSVM module. When a nested virtual machine exit VMEXIT occurs, if the restoration of the host's Control Register 3 CR3 fails, the system continues to operate with a corrupted state. This can lead to an unrecoverable error,...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from corrupted work queue lists in the RDMA iwcm driver, potentially leading to list corruption...

SUSE CVE-2025-39703

In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash kernel BUG: 45.390915 skbuff: skbunderpanic: text:ffffffff86f32cac len:26 put:14...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nilfs2: A bug in markbufferdirty was fixed, as it previously caused a warning when buffers were discarded and reused. A syzbot stress test using a corrupted disk image revealed that markbufferdirty called from nilfsmark inodedirt...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: erofs: Avoid infinite loops caused by corrupted subpage compact indexes. Robert reported an infinite loop observed in two crafted images. The root cause is that clusterofs can be larger than lclustersize for !NONHEAD lclusters...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fixed a general protection fault in nilfsbtreeinsert If nilfs2 reads a corrupted disk image and attempts to read a b-tree node by calling nilfsbtreegetblock against an invalid virtual block address, it returns -ENOENT...

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the decoding process of grid-based HEIF or AVIF images when a corrupted tile fails to decode and the library returns a success status, resulting in uninitialized heap memory being exposed as pixel data. ...

Advisory ROSA-SA-2026-3277

software: binutils 2.38 WASP: ROSA-CHROME unaffected versions = binutils-2.38-8 affected versions binutils-2.38-8 CVE-ID: CVE-2025-69652 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the readelf utility of the GNU Binutils package is related to incorrect processing of specially...

AMD多款产品 缓冲区错误漏洞

AMD Radeon is a set of device driver and utility software packages developed by American semiconductor company AMD for Advanced Micro Devices’ graphics cards and GPUs. Several AMD products have a buffer error vulnerability, which stems from insufficient parameter cleaning. This vulnerability may...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from corrupted Compositing component objects, which could allow remote attackers with compromised rendering processes to exploit...

CVE-2026-28956

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted media file may lead to unexpected app...

Outline 安全漏洞

Outline is an open-source knowledge base developed by Outline. Versions 0.84.0 to 1.7.0 of Outline contain security vulnerabilities. These vulnerabilities stem from a corrupted authorization pattern in the subscriptions.create API endpoint. When both collectionId and documentId are provided...