
136 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: rtnetlink: Allocate sufficient vfinfo size for VF GUIDs when supported. Commit 30aad41721e0 "net/core: Add support for getting VF GUIDs" added support for obtaining VF port and node GUIDs in netlink’s ifinfo messages. However,...

5.5 CVSS | 6.5 AI score | 0.00025 EPSS
Exploits 0 | References 2

Github Security Blog
added 2026/03/22 6:30 a.m. | 7 views

Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching

A security flaw has been discovered in pygments before 2.20.0. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been release...

4.8 CVSS | 5.4 AI score | 0.00007 EPSS
Exploits 0 | References 10 | Affected Software 1

NVD
added 2026/02/19 11:15 a.m. | 3 views

CVE-2025-15559

An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server is vulnerable in the “guid” parameter. This allows an attacker to execute arbitrary commands on t...

9.8 CVSS | 0.00234 EPSS
Exploits 0 | References 1

CNNVD
added 2026/02/17 12:0 a.m. | 4 views

Sciyon Koyuan Thermoelectricity Heat Network SQL injection vulnerability

Sciyon Koyuan Thermoelectricity Heat Network is a heat network management system developed by the Chinese company Sciyon. Version 3.0 of Sciyon Koyuan Thermoelectricity Heat Network has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the PGUID parameter in the...

7.5 CVSS | 7.2 AI score | 0.00042 EPSS
Exploits 0 | References 4

Vulnrichment
added 2026/02/09 6:4 p.m. | 3 views

CVE-2025-66630 Fiber insecurely fallsback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

9.2 CVSS | 5.6 AI score | 0.0002 EPSS
Exploits 0 | References 3

Microsoft CVE
added 2025/07/11 7:0 a.m. | 1 views

rtnetlink: Allocate vfinfo size for VF GUIDs when supported

...

6.1 CVSS | 6.8 AI score | 0.00025 EPSS
Exploits 0

OSV
added 2025/04/16 3:16 p.m. | 2 views

DEBIAN-CVE-2025-22075

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Allocate vfinfo size for VF GUIDs when supported. Commit 30aad41721e0 "net/core: Add support for getting VF GUIDs" added support for getting VF port and node GUIDs in netlink ifinfo messages, but their size was not take...

5.5 CVSS | 5.7 AI score | 0.00025 EPSS
Exploits 0 | References 1

Positive Technologies
added 2025/01/01 12:0 a.m. | 2 views

PT-2025-37962

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6. Description: The Linux kernel contains a flaw in the efivarfs module related to an out-of-bounds write in the efivarfs_d_compare function. This issue occurs when dentry->d_name.len is less than EFI_VARIABLE_GUI...

7.1 CVSS | 6.5 AI score | 0.00022 EPSS
Exploits 0

OSV
added 2024/10/11 4:15 p.m. | 2 views

CVE-2024-47505

An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When specific SNMP GET operations or specifi...

7.1 CVSS | 5.8 AI score
Exploits 0 | References 1

OpenVAS
added 2022/07/31 12:0 a.m. | 11 views

Fedora: Security Advisory for golang-github-segmentio-ksuid (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 AI score
Exploits 0 | References 2

Fedora
added 2022/07/17 1:16 a.m. | 29 views

[SECURITY] Fedora 35 Update: golang-github-segmentio-ksuid-1.0.4-3.fc35

K-Sortable Globally Unique IDs...

9.3 CVSS | 8.2 AI score | 0.00963 EPSS
Exploits 4

OpenVAS
added 2022/07/14 12:0 a.m. | 15 views

Fedora: Security Advisory for golang-github-segmentio-ksuid (FEDORA-2022-ba365d3703)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS | 8.9 AI score | 0.00182 EPSS
Exploits 1 | References 2

Fedora
added 2022/07/13 2:0 a.m. | 17 views

[SECURITY] Fedora 36 Update: golang-github-segmentio-ksuid-1.0.4-3.fc36

K-Sortable Globally Unique IDs...

9.3 CVSS | 8.2 AI score | 0.00963 EPSS
Exploits 4

OSV
added 2021/02/11 6:15 p.m. | 3 views

CVE-2020-13186

An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link...

6.5 CVSS | 6.6 AI score | 0.0012 EPSS
Exploits 0 | References 1

CNVD
added 2017/05/27 12:0 a.m. | 2 views

BOSH Director VM Agent Anonymous Endpoint Vulnerability

BOSH is an open source tool for deployment and lifecycle management of large-scale distributed systems, of which Director VM is a virtual machine and stemcell is an image. A security vulnerability exists in the endpoint of the Agent in the BOSH Director VM using stemcell versions prior to 3232.6...

9 CVSS | 6.7 AI score | 0.00554 EPSS
Exploits 0 | References 1

RedHat Linux
added 2016/06/27 3:4 p.m. | 3 views

nodejs-node-uuid: insecure entropy source - Math.random()

It was found that NodeJS node-uuid used Math.random to create a GUID (Globally Unique Identifier) which does not provide enough entropy on some platforms (it only provides 32 bits) which can result in collisions of GUIDs. An attacker could use this to guess GUID values and leverage further attacks...

7.5 CVSS | 7.1 AI score | 0.00338 EPSS
Exploits 0 | References 5

RedHat Linux
added 2011/09/12 7:40 p.m. | 1 views

kernel: validate size of EFI GUID partition entries

The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain...

6.1 CVSS | 7 AI score | 0.00073 EPSS
Exploits 1 | References 4

RedHat Linux
added 2011/08/23 2:30 p.m. | 3 views

kernel: validate size of EFI GUID partition entries

The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain...

6.1 CVSS | 7 AI score | 0.00073 EPSS
Exploits 1 | References 4

Microsoft Security Update
added 1976/01/01 12:0 a.m. | 2 views

MS:2F45D72B-98EA-4A11-AFBC-78D1C5BCF4C8

...

7 AI score
Exploits 0

Microsoft Security Update
added 1976/01/01 12:0 a.m. | 2 views

MS:9D70A910-F6CE-47C5-A404-4D8D6CAA6767

...

7 AI score
Exploits 0