
16 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in redis

Redis is an in-memory database that persists data on disk. Prior to versions 6.2.7 and 7.0.0, an attacker who attempted to load a specially crafted Lua script could cause a NULL pointer dereference, resulting in a crash of the redis-server process. This issue was fixed in Redis versions 7.0.0 and...

5.5 CVSS | 6.7 AI score | 0.01725 EPSS
Exploits: 1 | References: 1
AstraLinux
added 2026/05/20 5:53 a.m. | 1 views

Astra Linux - vulnerability in linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: “comedi: check device’s attached status in compat ioctls” Syzbot identified an issue [1] that causes the kernel to crash, seemingly due to the absence of the callback dev->get_valid_routes(). This should never happen, as the callback mus...

5.3 AI score | 0.00057 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/06 11:28 a.m. | 2 views

CVE-2026-43237

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4 This commit simplifies the amdgpu_gem_va_ioctl function, key updates include: - Moved the logic for managing the last update fence...

5.7 AI score | 0.00015 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Tenable Nessus
added 2026/01/22 12:0 a.m. | 3 views

Fedora 43 : rpki-client (2026-0d27571013)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0d27571013 advisory. rpki-client 9.7 - The Canonical Cache Representation underwent a breaking change after the adoption of...

5.6 AI score
Exploits: 0 | References: 1
SUSE CVE
added 2025/10/29 12:25 a.m. | 1 views

SUSE CVE-2025-40040

In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix flag-dropping behavior in ksm_madvise syzkaller discovered the following crash: kernel BUG 44.607039 ------------ cut here ------------ 44.607422 kernel BUG at mm/userfaultfd.c:2067! 44.608148 Oops: invalid opcode: 000...

5.5 CVSS | 6.2 AI score | 0.00013 EPSS
Exploits: 0 | References: 27
CVE
added 2025/06/06 5:32 p.m. | 176 views

CVE-2025-47950

CVE-2025-47950 affects CoreDNS DoQ, where the DoS occurred because the DoQ server spawned a new goroutine per incoming QUIC stream with no concurrency cap. The fixed patch (v1.12.2) adds explicit limits: max_streams per connection defaults to 256 and a server-wide bounded worker pool (worker_pool...

7.5 CVSS | 7.5 AI score | 0.00151 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
RedhatCVE
added 2025/03/27 2:38 p.m. | 6 views

CVE-2025-31180

A flaw was found in gnuplot. The CANVAS_text function may lead to a segmentation fault and cause a system crash. Mitigation: Currently, no mitigation is available for this vulnerability...

6.2 CVSS | 6.7 AI score | 0.0003 EPSS
Exploits: 0 | References: 3
Debian CVE
added 2024/10/21 7:39 p.m. | 10 views

CVE-2024-50039

In the Linux kernel, the following vulnerability has been resolved: net/sched: accept TCA_STAB only for root qdisc Most qdiscs maintain their backlog using qdisc_pkt_len(skb) on the assumption it is invariant between the enqueue and dequeue handlers. Unfortunately syzbot can crash a host rather easily...

5.5 CVSS | 6.1 AI score | 0.00012 EPSS
Exploits: 0
OpenVAS
added 2024/10/09 12:0 a.m. | 6 views

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2024-2522)

The remote host is missing an update for the Huawei EulerOS...

5.5 CVSS | 6.2 AI score | 0.00055 EPSS
Exploits: 0 | References: 2
CVE
added 2024/06/20 11:13 a.m. | 84 views

CVE-2022-48721

CVE-2022-48721 affects the Linux kernel net/smc: when SMC is used and a fallback to TCP occurs, some waitqueue entries previously inserted into smc_socket->wq may remain. After fallback, data flows over TCP and only clcsock->wq is woken, so applications (e.g., epoll) may miss wakeups for th...

5.5 CVSS | 6.6 AI score | 0.00033 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2024/02/28 8:13 a.m. | 6408 views

CVE-2021-46990

CVE-2021-46990 affects powerpc/64s in the Linux kernel. The vulnerability arises from runtime patching of entry flush mitigations via a debugfs entry (entry_flush), which can be unsafe when CPUs are active, potentially causing a crash due to an LR restore issue. The fixed vulnerability patches ar...

5.5 CVSS | 6.3 AI score | 0.00011 EPSS
Exploits: 0 | References: 9 | Affected Software: 1
RedHat Linux
added 2023/11/07 9:3 a.m. | 2 views

kernel: block: be a bit more careful in checking for NULL bdev while polling

In the Linux kernel, the following vulnerability has been resolved: block: be a bit more careful in checking for NULL bdev while polling Wei reports a crash with an application using polled IO: PGD 14265e067 P4D 14265e067 PUD 47ec50067 PMD 0 Oops: 0000 1 SMP CPU: 0 PID: 21915 Comm: iocore0 Kdump:...

5.5 CVSS | 6.8 AI score | 0.00017 EPSS
Exploits: 0 | References: 5
Hacker One
added 2022/06/09 8:12 p.m. | 78 views

Internet Bug Bounty: DoS via lua_read_body() [zhbug_httpd_94]

Greetings. I have found a bug that can crash httpd 2.4.53, causing a denial of service. The bug is that lua_read_body() [modules/lua/lua_request.c] uses the value of the Content-Length header to allocate memory. While ap_read_request() limits Content-Length's value to a non-negative |apr_off_t| via a call to...

5 CVSS | 8.5 AI score | 0.02008 EPSS
Exploits: 0
OSV
added 2021/11/05 8:15 p.m. | 0 views

PYSEC-2021-390

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64_t. If an overflow occurs,...

5.5 CVSS | 6.1 AI score | 0.00022 EPSS
Exploits: 1 | References: 6
OSV
added 2018/09/24 10:55 a.m. | 5 views

SUSE-SU-2018:2842-1 Security update for gnutls

This update for gnutls fixes the following issues: Security issues fixed: - Improved mitigations against Lucky 13 class of attacks - 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) - HMAC-SHA-384 vulnerable to Lucky thirteen...

7.5 CVSS | 6.5 AI score | 0.00766 EPSS
Exploits: 1 | References: 9
RedhatCVE
added 2016/12/05 2:17 p.m. | 41 views

CVE-2016-8740

A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. Mitigation: As a temporary workaround - HTTP...

7.5 CVSS | 2 AI score | 0.72405 EPSS
Exploits: 4 | References: 2