37 matches found
Request Tracker Security Vulnerability
Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions prior to Request Tracker 5.0.10, as well as versions 6.0.0 to 6.0.2, contained security vulnerabilities. These vulnerabilities stemmed from the fact that data controlled by users during spreadsheet...
Astra Linux - vulnerability in linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: i3c: master: mipi-i3c-hci: A kernel panic occurs when accessing DAT_data. The i3c_master_bus_init function may attach the I2C devices before I3C bus initialization. In this case, the DAT alloc_entry will be used before the DAT init...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: igc: Fixed page faults in handling XDP TX timestamps. If an XDP application that requested TX timestamping shuts down while the link of the interface in use is still active, the following kernel-related issues are reported:...
CVE-2026-42186
OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...
CVE-2026-43888 Outline: Zip Extraction Path Escape via PATH_MAX Truncation in Collection Import
Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt, a filename helper that calls path.basename on its input when truncating. When a zip entry's...
ROS-20260506-73-0042
Vulnerability in flannel due to failure to clean data at the management level. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...
EUVD-2019-18120
Malware in sbrugna...
DEBIAN-CVE-2025-38691
In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix uninited ptr deref in block/scsi layout. The error occurs on the third attempt to encode extents. When function ext_tree_prepare_commit reallocates a larger buffer to retry encoding extents, the "layoutupdate_pages" page arr...
FreePBX Security Vulnerability
FreePBX, formerly known as Asterisk Management Portal, is a suite of tools from the FreePBX project for configuring Asterisk, an IP telephony system, via a web-based graphical interface (GUI). A security vulnerability exists in FreePBX version 15.0.66 and versions prior to 17.0.3, which stems from...
ROS-20250703-03
A vulnerability in the pgAdmin 4 database management tool is related to improper cleanup of user-provided data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
CVE-2019-8730
The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes...
vLLM Operating System Command Injection Vulnerability
vLLM is an open source, high-throughput and memory-efficient inference and serving engine for LLMs. An operating system command injection vulnerability exists in vLLM version 0.6.0, which stems from a failure to clean up deserialized data in the AsyncEngineRPCServer function, which could lead t...
ROS-20241121-05
The vulnerability in the Moodle virtual learning environment is related to issues with controlling the visibility of user information in gradebook reports. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to...
Moodle Cross-Site Scripting Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a cross-site scripting vulnerability that stems from insufficient data cleanup when executing a recovery,...
PT-2024-10315 · Microsoft · Azure Database For Postgresql Flexible Server
Name of the Vulnerable Software and Affected Versions: Azure Database for PostgreSQL Flexible Server (affected versions not specified). Description: The issue is related to an elevation of privilege vulnerability in the Azure Database for PostgreSQL Flexible Server. It is associated with a failure t...
Moodle Security Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a cross-site scripting vulnerability that stems from insufficient data cleanup when executing a recovery,...
ROS-20240916-11
Vulnerability of the sssctl command of the remote directory access control service and authentication mechanism SSSD is related to the lack of input data cleanup measures. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, a...
Invision Community Security Breach
Invision Community is a software for designing and developing mobile application UI from Invision USA. A security vulnerability exists in Invision Community versions prior to 4.7.16 that stems from the application failing to properly clean up request parameters, which can be exploited by an...
kernel: net/mlx5e: Move representor neigh cleanup to profile cleanup_tx
A flaw was identified in the Linux kernel’s Mellanox mlx5 Ethernet driver (net/mlx5e) related to the cleanup order of neighbour information when handling offloaded IP tunnel encapsulation rules in ECMP (Equal-Cost Multipath) mode. In certain scenarios — such as unloading the eswitch device while an...