9972 matches found
GoBGP 安全漏洞
GoBGP is an open-source implementation of the Border Gateway Protocol BGP developed by osrg. Versions of GoBGP prior to 4.3.0 contained security vulnerabilities. These vulnerabilities stemmed from a function in the SRv6 L3 Service component called pkg/packet/bgp/prefixsid.go. The function...
Revisiting JBShield: Breaking and Rebuilding Representation-Level Jailbreak Defenses
Defending large language models LLMs against jailbreak attacks, such as Greedy Coordinate Gradient GCG, remains a challenge, particularly under adaptive threat models where an attacker directly targets the defense mechanism. JBShield, a recent jailbreak defense with a 0% attack success rate in so...
PT-2026-37201
CVE-2026-42312 pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set config value API method @permissionPerms.SETTINGS in src/p… https://t.co/ADtnuQJj56...
Hydra Network Logon Cracker 9.7
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus...
Astra Linux – Vulnerability in Qemu
The ethgetgsotype function in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process by sending packet data that lacks a valid Layer 3 protocol...
Astra Linux – Vulnerability in gnutls28
A issue was discovered in GnuTLS before version 3.6.15. A server can cause a NULL pointer dereferencing in a TLS 1.3 client if a norenegotiation alert is sent at an unexpected time, resulting in an invalid second handshake. The crash occurs during the application’s error handling process, where t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed a slab-use-after-free error in l2capsendcmd. After the hci sync command releases the l2capconn, the hci receive data work queue references the released l2cap Conn when sending data to the upper layer...
Astra Linux – Vulnerability in python-cryptography
A flaw was discovered in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which could result in the exposure of confidential or sensitive data...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the “block” layer, do not call “rqqosops-donebio” if the bio data structure is not being tracked. The “rqqos” framework is only applied on request-based drivers. Therefore: 1 The “rqqosdonebio” function is not necessary for...
Astra Linux – Vulnerability in Ruby2.5, JRuby
A issue was discovered in Ruby between versions 2.6.7, 2.7.x up to 2.7.3, and 3.x up to 3.0.1. The Net::IMAP library does not raise an exception when the StartTLS command fails with an unknown response. This may allow man-in-the-middle attackers to bypass TLS protections by leveraging the network...
Astra Linux – Vulnerability in Apache2
Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to log variables...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: sock: The protection check for psock vs. ULP needs to be reimplemented. Commit 8a59f9d1e3d4 “sock: Introduce sk-skprot-psockupdateskprot” has moved the inetcskhasulpsk check from skpsockinit to the new tcpbpfupdateproto function....
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Block: Fix to add folio to bio. A size of 4GB for folio is possible on some ARCHs, such as aarch64. A size of 16GB for hugepage is also supported. However, the “offset” of folio cannot be stored in “unsigned int”, which causes a...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: s390/qeth: Fixed a kernel panic that occurred after setting the hsuid attribute. Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device, while the corresponding network interface is already up, the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: l2tp: Fixed a memory leak in l2tpudpencaprecv. syzbot reported a memory leak in struct l2tpsession, l2tptunnel, sock, etc. 0 The referenced commit moved the validation of the protocol version in l2tpudpencaprecv. The new...
Astra Linux – Vulnerability found in libsdl1.2, libsdl2, and sdl-image1.2
In SDL Simple DirectMediaLayer, versions from 1.2.15 up to 2.x, and then from 2.0.9 onwards, there is a heap-based buffer over-read issue in the BlitNtoN function within the video/SDLblitN.c file, when it is called from the SDLSoftBlit function in the video/SDLblit.c file...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. The supported versions affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. The vulnerability is difficult to exploit; an unauthenticated...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. The supported versions affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. This easily exploitable vulnerability allows an unauthenticated attacke...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: tls: Stop recv if the initial processrxlist contains a record that is not of the DATA type. If there is a record on rxlist that is not of the DATA type, and there is another record of the same type still in the queue, we will mer...
Astra Linux – Vulnerability in python-urllib3
The urllib3 library before version 1.24.2 in Python mishandles certain cases where the desired set of CA certificates differs from the CA certificates stored in the operating system’s store. As a result, SSL connections succeed in situations where a verification failure would be the correct...