12 matches found
SUSE CVE-2026-31515
In the Linux kernel, the following vulnerability has been resolved: afkey: validate families in pfkeysendmigrate syzbot was able to trigger a crash in skbput 1 Issue is that pfkeysendmigrate does not check old/new families, and that setipsecrequest @family argument was truncated, thus possibly...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003846)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003846 advisory. In the Linux kernel before 5.5.8, getrawsocket in drivers/vhost/net.c lacks validation of an skfamily field, which might allow attackers to trigger kernel stack...
EUVD-2024-0625
Malicious code in bioql PyPI...
OESA-2025-2315 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when allocpage failed We cannot set fraglist to NULL pointer when allocpage failed. It will be used in tlsstrpcheckqueueok when the nex...
AZL-64526 CVE-2025-38147 affecting package kernel for versions less than 6.6.96.1-1
In the Linux kernel, the following vulnerability has been resolved: calipso: Don't call calipso functions for AFINET sk. syzkaller reported a null-ptr-deref in txoptget. 0 The offset 0x70 was of struct ipv6txoptions in struct ipv6pinfo, so struct ipv6pinfo was NULL there. However, this never...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a lack of address family validation, which could lead to null pointer dereferencing...
CVE-2024-25117
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
GHSA-F3QR-QR4X-J273 php-svg-lib lacks path validation on font through SVG inline styles
Summary php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP href, 0, 7 === "phar://" || $this-document-allowExternalReferences === false && \strtolower\substr$this-href, 0, 5 !== "data:" unset$style"font-family"; PoC Parsing the following SVG...
DEBIAN-CVE-2024-25117
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
CVE-2024-25117 php-svg-lib lacks path validation on font through SVG inline styles
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
CVE-2024-25117
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
DEBIAN-CVE-2020-10942
In the Linux kernel before 5.5.8, getrawsocket in drivers/vhost/net.c lacks validation of an skfamily field, which might allow attackers to trigger kernel stack corruption via crafted system calls...