60 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 9 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: For the m68k architecture, the bus error is only forced if the PC is not in the exception table. The get_kernel_nofault function copies data in supervisor mode when forcing a task backtrace log through /proc/sysrq-trigger. This is...

AI score: 5.4 | EPSS: 0.00177
Exploits: 0 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 1 view

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Improved page fault error reporting. If the IOMMU domain for the device group is not properly set up, we may encounter an IOMMU page fault. The current page fault handler assumes that the domain is always set up...

AI score: 5.2 | EPSS: 0.00166
Exploits: 0 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: jfs: xattr: fixed buffer overflow for invalid xattr values. When the xattr size is not as expected, it is printed out to the kernel log in hexadecimal format as a form of debugging. However, when that xattr size is larger than...

CVSS: 7.8 | AI score: 6.6 | EPSS: 0.00317
Exploits: 1 | References: 2
Cvelist
added 2026/04/24 6:56 p.m. | 25 views

CVE-2026-41894 SiYuan: Incomplete Fix Bypass for CVE-2026-30869: Path Traversal via Double URL Encoding in `/export/` Endpoint

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...

CVSS: 7.1 | EPSS: 0.00313
Exploits: 0 | References: 3
ATTACKERKB
added 2026/04/24 6:56 p.m. | 4 views

CVE-2026-41894

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...

CVSS: 9.8 | AI score: 5.6 | EPSS: 0.01028
Exploits: 1 | References: 4 | Affected Software: 1
EUVD
added 2026/04/24 6:56 p.m. | 6 views

EUVD-2026-25626

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...

CVSS: 9.8 | AI score: 5.6 | EPSS: 0.01028
Exploits: 1 | References: 3
Github Security Blog
added 2026/04/22 8:51 p.m. | 4 views

SiYuan: Path Traversal via Double URL Encoding in `/export/` Endpoint (Incomplete Fix Bypass for CVE-2026-30869)

Summary: The fix for CVE-2026-30869 in SiYuan v3.5.10 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding %252e%252e to traverse directories and read arbitrary...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.01028
Exploits: 1 | References: 6 | Affected Software: 1
Microsoft CVE
added 2026/04/14 2:0 p.m. | 2 views

Windows Kernel Information Disclosure Vulnerability

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00434
Exploits: 0
NVD
added 2025/12/24 1:15 p.m. | 4 views

CVE-2022-50721

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg. The calling convention for prep_slave_sg is to return NULL on error and provide an error log to the system. Qcom-adm instead provides an error pointer when an error occur...

EPSS: 0.00198
Exploits: 0 | References: 3
Tenable Nessus
added 2025/11/06 12:0 a.m. | 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990492)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990492 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr. When an xattr size is not what is expected, it ...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.00317
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2013-0265

Malware in sbrugna...

CVSS: 4.9 | AI score: 6.9 | EPSS: 0.0044
Exploits: 0 | References: 15
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2000-0742

Malware in sbrugna...

CVSS: 10 | AI score: 6.4 | EPSS: 0.01725
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2005-3852

Malware in sbrugna...

CVSS: 4.9 | AI score: 6 | EPSS: 0.00838
Exploits: 0 | References: 32
Tenable Nessus
added 2025/10/07 12:0 a.m. | 0 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986500)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986500 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr. When an xattr size is not what is expected, it ...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.00317
Exploits: 1 | References: 3
OSV
added 2025/09/11 5:15 p.m. | 1 view

DEBIAN-CVE-2025-39753

In the Linux kernel, the following vulnerability has been resolved: gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops. Clears up the warning added in 7ee3647243e5 "migrate: Remove call to ->writepage" that occurs in various xfstests, causing "something found in dmesg" failures. 341.136573 gfs2_meta_aops...

CVSS: 5.5 | AI score: 5.3 | EPSS: 0.00146
Exploits: 0 | References: 1
Tenable Nessus
added 2025/08/08 12:0 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2024-40902

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jfs: xattr: fix buffer overflow for invalid xattr. When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.00317
Exploits: 1 | References: 2
RedhatCVE
added 2025/05/22 11:25 p.m. | 2 views

CVE-2022-39897

Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log...

CVSS: 5.5 | AI score: 5.2 | EPSS: 0.00088
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 10:17 p.m. | 3 views

CVE-2022-0882

A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00115
Exploits: 1 | References: 1
NVD
added 2025/02/27 2:15 a.m. | 6 views

CVE-2024-57991

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles. During rtw89_entity_recalc_mgnt_roles, there is a normalizing process which will re-order the list if an entry with target pattern is found. And once one is found, shou...

CVSS: 5.5 | EPSS: 0.00198
Exploits: 0 | References: 3
Cvelist
added 2024/12/02 1:44 p.m. | 10 views

CVE-2024-53120 net/mlx5e: CT: Fix null-ptr-deref in add rule err flow

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow. In error flow of mlx5_tc_ct_entry_add_rule, in case ct_rule_add callback returns error, zone_rule->attr is used uninitiated. Fix it to use attr which has the needed pointer value...

EPSS: 0.00231
Exploits: 0 | References: 5