PT-2026-48677

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype is polluted by an upstream dependency in the same process e.g. lodash .merge / CVE-2018-16487, axios silently picks up the...

EUVD-2022-3763

Malicious code in bioql PyPI...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: nsh: Added skb-protocol, data, macheader to the outer header in nshgsosegment. The syzbot exploited various vulnerabilities by using a crafted GSO packet for VIRTIONETHDRGSOUDP that included the following protocols: ETHP8021AD...

UBUNTU-CVE-2022-48946

In the Linux kernel, the following vulnerability has been resolved: udf: Fix preallocation discarding at indirect extent boundary When preallocation extent is the first one in the extent block, the code would corrupt extent tree header instead. Fix the problem and use udfdeleteaext for deleting...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a possible concurrent list addition issue in the btrfs module when adding block groups to retry lists and unus...

UBUNTU-CVE-2024-36933

In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb-protocol,data,macheader for outer header in nshgsosegment. syzbot triggered various splats see 0 and links by a crafted GSO packet of VIRTIONETHDRGSOUDP layering the following protocols: ETHP8021AD + ETHPNSH +...

SUSE CVE-2021-47036

In the Linux kernel, the following vulnerability has been resolved: udp: skip L4 aggregation for UDP tunnel packets If NETIFFGROFRAGLIST or NETIFFGROUDPFWD are enabled, and there are UDP tunnels available in the system, udpgroreceive could end-up doing L4 aggregation either SKBGSOUDPL4 or...

DEBIAN-CVE-2021-47036

In the Linux kernel, the following vulnerability has been resolved: udp: skip L4 aggregation for UDP tunnel packets If NETIFFGROFRAGLIST or NETIFFGROUDPFWD are enabled, and there are UDP tunnels available in the system, udpgroreceive could end-up doing L4 aggregation either SKBGSOUDPL4 or...

UBUNTU-CVE-2021-47036

In the Linux kernel, the following vulnerability has been resolved: udp: skip L4 aggregation for UDP tunnel packets If NETIFFGROFRAGLIST or NETIFFGROUDPFWD are enabled, and there are UDP tunnels available in the system, udpgroreceive could end-up doing L4 aggregation either SKBGSOUDPL4 or...

CVE-2016-0034

Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service object-header corruption via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability."...

MS Internet Explorer 6 - 8 Content-Encoding Memory Corruption

No description provided by source. MSIE Content-Encoding: deflate memory corruption vulnerability a.k.a. MSRC 8769, MS09-054, CVE-2009-1547, “Data Stream Header Corruption Vulnerability” Microsoft fixed a bug in Internet Explorer’s “Content-Encoding:deflate” implementation. Here are two...

MSIE Content-Encoding: Deflate Memory Corruption

MSIE Content-Encoding: deflate memory corruption vulnerability a.k.a. MSRC 8769, MS09-054, CVE-2009-1547, “Data Stream Header Corruption Vulnerability” Microsoft fixed a bug in Internet Explorer’s “Content-Encoding:deflate” implementation. Here are two HTTP replies that trigger the bug:...

OSM Line Card Header Corruption Vulnerability

...