Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Skip invalid kfunc call in backtrackinsn The verifier skips invalid kfunc calls in checkkfunccall. Such calls would be caught by fixupkfunccall if they aren’t eliminated through dead code elimination. However, this can lead ...

Upgraded Q -> 2 from #596 [1677228840417]

Judge has assessed an item in Issue 596 as 2 risk. The relevant finding follows: withdraw and redeem function withdraw IERC4626 vault, address to, uint256 amount, uint256 maxSharesOut public payable virtual override returns uint256 sharesOut ERC20addressvault.safeApproveaddressvault, amount; if...

PYSEC-2021-432

Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid free or realloc calls if the message type contains an oneof field, and the oneof directly contains both a pointer field and ...

Denial Of Service (DoS)

rh-postgresql96-postgresql is vulnerable to denial of service DoS attacks. The vulnerability exists as invalid jsonpopulaterecordset or jsonbpopulaterecordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can...

Medium: postgresql95, postgresql96

Issue Overview: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.CVE-2017-12172 INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL...