41 matches found
Astra Linux - уязвимость в libxml2
A issue was discovered in libxml2 before version 2.10.4. When hashing empty dictionary strings in a crafted XML document, the xmlDictComputeFastKey function in dict.c can produce non-deterministic values, resulting in various logical and memory errors, such as double-free errors. This behavior...
CVE-2026-31727 usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uether: Fix NULL pointer deref in ethgetdrvinfo Commit ec35c1969650 "usb: gadget: fncm: Fix netdevice lifecycle with devicemove" reparents the gadget device to /sys/devices/virtual during unbind, clearing the gadget...
TSPortal: Any user can forge self-deletion requests for any account
Summary Conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. Details Creating a DPA report about another user and leaving the evidence field empty causes that report to look like the reported user self-requested deletion of their data. Ingenuine repo...
GHSA-GFHQ-7499-F3F2 TSPortal: Any user can forge self-deletion requests for any account
Summary Conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. Details Creating a DPA report about another user and leaving the evidence field empty causes that report to look like the reported user self-requested deletion of their data. Ingenuine repo...
CVE-2026-29788
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...
CVE-2026-29788
The CVE affects TSPortal (WikiTide Foundation) prior to version 30, where converting empty strings to null allowed disguising DPA reports as self-deletion reports. Root cause is the faulty normalization of empty fields in the report handling flow. Impact described includes confidentiality/availab...
CVE-2026-29788 TSPortal: Anyone can forge self-deletion requests of any user
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...
CVE-2026-29788
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...
CVE-2026-29788 TSPortal: Anyone can forge self-deletion requests of any user
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...
CVE-2026-23123 interconnect: debugfs: initialize src_node and dst_node to empty strings
In the Linux kernel, the following vulnerability has been resolved: interconnect: debugfs: initialize srcnode and dstnode to empty strings The debugfscreatestr API assumes that the string pointer is either NULL or points to valid kmalloc memory. Leaving the pointer uninitialized can cause problem...
CVE-2026-23123
The CVE-2026-23123 issue affects the Linux kernel (interconnect: debugfs) where the src_node and dst_node pointers could be read or written unsafely due to not being initialized. The fix initializes src_node and dst_node to empty strings before creating debugfs entries to ensure reads/writes are ...
CVE-2026-23123
In the Linux kernel, the following vulnerability has been resolved: interconnect: debugfs: initialize srcnode and dstnode to empty strings The debugfscreatestr API assumes that the string pointer is either NULL or points to valid kmalloc memory. Leaving the pointer uninitialized can cause problem...
CVE-2026-23123 interconnect: debugfs: initialize src_node and dst_node to empty strings
In the Linux kernel, the following vulnerability has been resolved: interconnect: debugfs: initialize srcnode and dstnode to empty strings The debugfscreatestr API assumes that the string pointer is either NULL or points to valid kmalloc memory. Leaving the pointer uninitialized can cause problem...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990581)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990581 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usbstringcopy Userspace provided string 's' coul...
JLSEC-2025-80 An issue was discovered in libxml2 before 2.10.4
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...
[SECURITY] [DLA 4307-1] jq security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4307-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz September 21, 2025 https://wiki.debian.org/LTS -...
Debian dla-4307 : jq - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4307 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4307-1 [email protected] https://www.debian.org/lts/security/...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not checking for empty strings, which could lead to a buffer overflow...
PT-2025-5638 · Crates.Io · Fast-Float2
Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned. Description: The issue arises from the fast float2::common::AsciiStr::first method within the AsciiStr struct, which uses the unsafe keyword to read from memory without performing bounds checking...
SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings
The error rendering code from the parser would panic when handling failed parsing of queries where the error occurred when converting an empty string to a SurrealDB value. This would be the case when casting an empty string to a record, duration or datetime, as well as potentially when parsing an...