Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed the issue where the smbd connection was lost and destroyed when the MR allocation failed. If the MR allocation fails, the smbdDestroy function will return NULL, resulting in the connection information being leaked. We...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013599)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013599 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: Fix lost destroy smbd connection when MR allocate failed If the MR allocate failed, the smb...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011288)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011288 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: Fix lost destroy smbd connection when MR allocate failed If the MR allocate failed, the smb...

fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections

Summary When trustProxy is configured with a restrictive trust function e.g., a specific IP like trustProxy: '10.0.0.1', a subnet, a hop count, or a custom function, the request.protocol and request.host getters read X-Forwarded-Proto and X-Forwarded-Host headers from any connection — including...

EUVD-2026-14431

fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections...

SUSE CVE-2023-54260

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix lost destroy smbd connection when MR allocate failed If the MR allocate failed, the smb direct connection info is NULL, then smbddestroy will directly return, then the connection info will be leaked. Let's set the smb...

UBUNTU-CVE-2023-54260

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix lost destroy smbd connection when MR allocate failed If the MR allocate failed, the smb direct connection info is NULL, then smbddestroy will directly return, then the connection info will be leaked. Let's set the smb...

CVE-2023-54260

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix lost destroy smbd connection when MR allocate failed If the MR allocate failed, the smb direct connection info is NULL, then smbddestroy will directly return, then the connection info will be leaked. Let's set the smb...

CVE-2023-54260

CVE-2023-54260 — Linux kernel (CIFS): The vulnerability occurs when MR allocation fails during CIFS SMB direct connection handling; if the MR allocate fails and the smb direct connection info is NULL, smbd_destroy() returns early and leaks the connection info. The fix updates the shutdown path by...

PT-2025-54089

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's CIFS implementation where a Server Message Block SMB direct connection's information could be leaked if memory allocation MR allocate failed...

CVE-2024-52940

AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID...

libsoup: infinite loop while reading websocket data

A flaw was found in Libsoup. The soupwebsocketconnectionread function uses a loop that reads incoming WebSocket data via the glib library. This issue makes it possible to cause the loop to run indefinitely by sending a continuous stream of data to it. The effect will prevent the DCV service from...

BIT-TOMCAT-2020-13934

An h2c direct connection to Apache Tomcat 10.0.0 to 10.0.0, 9.0.0 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service...

PT-2024-1971

Name of the Vulnerable Software and Affected Versions Cisco FXOS Software affected versions not specified Cisco NX-OS Software affected versions not specified Description A vulnerability in the Link Layer Discovery Protocol LLDP feature could allow an unauthenticated, adjacent attacker to cause a...

CVE-2023-48121

An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers t...

Authentication flaw

An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers t...

CVE-2023-48121

CVE-2023-48121 is an authentication bypass in the Ezviz Direct Connection Module affecting Ezviz CS-C6N-xxx, CS-CV310-xxx, CS-C6CN-xxx, and CS-C3N-xxx prior to v5.3.x build 20230401. Remote attackers can obtain sensitive information by sending crafted messages to affected devices. The vulnerabili...

CVE-2023-48121

An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers t...

PT-2023-30706 · Ezviz +1 · Ezviz Cs-C6Cn +3

Name of the Vulnerable Software and Affected Versions: Ezviz CS-C6N-xxx versions prior to v5.3.x build 20230401 Ezviz CS-CV310-xxx versions prior to v5.3.x build 20230401 Ezviz CS-C6CN-xxx versions prior to v5.3.x build 20230401 Ezviz CS-C3N-xxx versions prior to v5.3.x build 20230401 Hikvision...

K38573130: Apache Tomcat vulnerability CVE-2020-13934

Security Advisory Description An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading...