60 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iavf: corrected out-of-bounds writes in iavf_get_ethtool_stats iavf incorrectly uses real_num_tx_queues for ETH_SS_STATS. Since the value could change during runtime, we should use num_tx_queues instead. Additionally, iavfgetethtoolstats...
UBUNTU-CVE-2026-26958
filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If Point.MultiScalarMult i...
SUSE CVE-2025-68794
In the Linux kernel, the following vulnerability has been resolved: iomap: adjust read range correctly for non-block-aligned positions iomap_adjust_read_range assumes that the position and length passed in are block-aligned. This is not always the case however, as shown in the syzbot generated case...
AZL-67013 CVE-2025-39716 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: parisc: Revise getuser to probe user read access Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel executes at privilege level 0, so getuse...
CVE-2021-43667
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any...
SUSE CVE-2022-49771
In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if list_versions races with module loading list_versions will first estimate the required space using the "dm_target_iterate(list_version_get_needed, &needed)" call and then will fill the space using the...
CVE-2025-23153
The CVE-2025-23153 entry is confirmed with concrete details in connected sources: Linux kernel affected area is arm/crc-t10dif, where a bug caused an out-of-scope array access in crc_t10dif_arch(). The issue is fixed by the patch(es) referenced from kernel stable commits, addressing the use-after...
AZL-52458 CVE-2024-50128 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: net: wwan: fix global oob in wwan_rtnl_policy The variable wwan_rtnl_link_ops assign a bigger maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. Exactly same bug cause as the oob fixed in commit...
AZL-51228 CVE-2024-50033 affecting package kernel for versions less than 6.6.57.1-1
In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember more robust against malicious packets syzbot found that slhc_remember was missing checks against malicious packets 1. slhc_remember only checked the size of the packet was at least 20, which is not good...
CVE-2022-48779
In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: fix use-after-free in ocelot_vlan_del ocelot_vlan_member_del will free the struct ocelot_bridge_vlan, so if this is the same as the port's pvid_vlan which we access afterwards, what we're accessing is freed memory. Fix...
CVE-2022-48631 ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 When walking through an inode extents, the ext4_ext_binsearch_idx function assumes that the extent header has been previously validated. However, there are no checks...
RUSTSEC-2024-0017 Non-idiomatic use of iterators leads to use after free
Code that attempts to use an item e.g., a row returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. Code that uses the item and then advances the iterator is unaffected. This problem has always existed. This is ...
SUSE-SU-2023:0145-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. bsc1206664 - CVE-2022-3564: Fixed a bug which could lead...
SUSE: Security Advisory (SUSE-SU-2020:1524-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GenericMutexGuard allows data races of non-Sync types across threads
GenericMutexGuard was given the Sync auto trait as long as T is Send due to its contained members. However, since the guard is supposed to represent an acquired lock and allows concurrent access to the underlying data from different threads, it should only be Sync when the underlying data is. Thi...
Fedora 30 : php (2020-9fa7f4e25c)
PHP version 7.3.18 14 May 2020 Core: - Fixed bug php78875 Long filenames cause OOM and temp files are not cleaned. CVE-2019-11048 cmb - Fixed bug php78876 Long variables in multipart/form-data cause OOM and temp files are not cleaned. CVE-2019-11048 cmb - Fixed bug php79434 PHP 7.3 and PHP-7.4...
CVE-2020-11024 Man-in-the-middle attack in Moonlight iOS/tvOS
In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS...
Fedora 30 : php (2019-6350c4e21a)
PHP version 7.3.5 02 May 2019 Core: - Fixed bug php77903 ArrayIterator stops iterating after offsetSet call. Nikita CLI: - Fixed bug php77794 Incorrect Date header format in built-in server. kelunik EXIF - Fixed bug php77950 Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG. CVE-2019-11036...
youngtv.mobi XSS vulnerability
Open Bug Bounty ID: OBB-679222 Description| Value ---|--- Affected Website:| youngtv.mobi Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
industrial.com.pt XSS vulnerability
Open Bug Bounty ID: OBB-629293 Description| Value ---|--- Affected Website:| industrial.com.pt Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...