18 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Correct tid cleanup when tid setup fails. Currently, if any error occurs during ath12k_dp_rx_peer_tid_setup(), the tid value is already incremented, even though the corresponding TID is not actually allocated. The function...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Prevent CID stalls due to concurrent forks A newly forked task is counted as a MMCID user before it becomes visible in the process’ thread list and the global task list. This creates the following problem: CPU1 CPU2...
EUVD-2024-24108
Malicious code in bioql PyPI...
EUVD-2024-53801
Malicious code in bioql PyPI...
CVE-2025-38544 rxrpc: Fix bug due to prealloc collision
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix bug due to prealloc collision When userspace is using AF_RXRPC to provide a server, it has to preallocate incoming calls and assign to them call IDs that will be used to thread related recvmsg and sendmsg together. The...
Malicious code in ng2-id-mgmt (npm)
The package ng2-id-mgmt was found to contain malicious code...
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities -...
CVE-2025-26598
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching...
CVE-2024-57898 wifi: cfg80211: clear link ID from bitmap during link delete after clean up
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear link ID from bitmap during link delete after clean up Currently, during link deletion, the link ID is first removed from the valid_links bitmap before performing any clean-up operations. However, some functio...
CVE-2022-43687
Concrete CMS formerly concrete5 below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+...
CVE-2021-34428
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being...
idm:DL1 security update
slapi-nis 0.56.6-2 - CVE 2021-3480: idm:DL1/slapi-nis: NULL dereference DoS with specially crafted Binding DN - Resolves: rhbz1944713...
Logic flaw vulnerability in the Witness Magic management system
Human ID magic management system is entropy-based technology for the "human ID" and independent research and development of the civil identity verification "real person" system platform. There is a logic flaw vulnerability in the system, which can be exploited by attackers to obtain sensitive...
CVE-2019-4066
IBM Intelligent Operations Center IOC 5.1.0 through 5.2.0 could allow an authenticated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011...
Design/Logic Flaw
IBM Intelligent Operations Center IOC 5.1.0 through 5.2.0 could allow an authenticated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011...
Security Bulletin: IBM® Intelligent Operations Center has a weak user-creation policy (CVE-2019-4066)
Summary An authenticated user can create users with malformed user IDs in IBM® Intelligent Operations Center so that these new users cannot be deleted later from the system. Because the malformed users cannot be deleted at the application level, this is a denial of service issue. Vulnerability...
SYS.1.3 Server under Unix
The objective of this module is to protect information processed by Unix servers. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...