10 matches found
Astra Linux - vulnerability in libvirt
A flaw was discovered in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, leading to a race condition and a denial of service when attempting to lock the same object from another thread. This issue could cause clients connecting to the read-only socket ...
CVE-2026-41647
A flaw was found in Incus, a system container and virtual machine manager. An authenticated Incus user can exploit a missing error handling vulnerability by importing a truncated storage bucket backup file. This can lead to a daemon crash, resulting in a Denial of Service (DoS) for the Incus servic...
OESA-2026-1986 avahi security update
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared...
Out-of-Bounds Read
libudisks2.so is vulnerable to Out-of-Bounds Read. The vulnerability is due to the loop device handler failing to validate the lower bound of the index parameter received via D-BUS allowing negative index values, which allows an attacker to crash the daemon or perform local privilege escalation b...
EUVD-2020-27316
Malware in sbrugna...
libreswan: Invalid IKEv1 repeat IKE SA delete causes crash and restart
A NULL pointer dereference vulnerability was found in the Libreswan package. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the...
Beckhoff TwinCAT/BSD security vulnerability
Beckhoff TwinCAT/BSD is a new operating system from Beckhoff. A security vulnerability exists in Beckhoff TwinCAT/BSD, which stems from an MPD package that allows an authenticated, low-privileged local attacker to induce a denial of service state in the daemon via a carefully constructed HTTP...
CVE-2022-23094
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6...
libvirt: Potential denial of service via active pool without target path
A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection...
ngIRCd: Buffer overflow
Background: ngIRCd is a free open source daemon for Internet Relay Chat (IRC). Description: Florian Westphal discovered a buffer overflow caused by an integer underflow in the ListsMakeMask function of lists.c. Impact: A remote attacker can exploit this buffer overflow to crash the ngIRCd daemon and...