136 matches found
Astra Linux - vulnerability in linux, linux-5.10
There is a use-after-free in io_uring in the Linux kernel. The signalfd_poll and binder_poll functions use a waitqueue whose lifetime is the current task. The waitqueue will send a POLLFREE notification to all waiters before it is freed. Unfortunately, the io_uring poll does not handle POLLFREE. This...
[slackware-security] gvfs
New gvfs packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/gvfs-1.48.1-i586-2slack15.0.txz: Rebuilt. This update fixes security issues: ftp: Use control connection address for PASV data. ftp:...
GO-2026-4432 EVE Doesn't Protect Config Partition with Measured Boot in github.com/lf-edge/eve
EVE Doesn't Protect Config Partition with Measured Boot in github.com/lf-edge/eve...
GO-2026-4422 EVE Freely Allocates Buffer on The Stack With Data From Socket in github.com/lf-edge/eve
EVE Freely Allocates Buffer on The Stack With Data From Socket in github.com/lf-edge/eve...
CVE-2023-4522
An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit...
EUVD-2020-7680
Malware in sbrugna...
EUVD-2024-54482
Malicious code in bioql PyPI...
EUVD-2024-22912
Malicious code in bioql PyPI...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2025-2125)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a...
Linux Distros Unpatched Vulnerability : CVE-2025-58056
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions...
UBUNTU-CVE-2025-58056
Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters LF as a chunk-size line...
Malicious code in omega-cms-lf-ng-md-file-input (npm)
The package omega-cms-lf-ng-md-file-input was found to contain malicious code...
MAL-2025-10187 Malicious code in @zalastax/nolb-_lf (npm)
The package @zalastax/nolb-lf was found to contain malicious code...
MAL-2025-28210 Malicious code in omega-cms-lf-ng-md-file-input (npm)
The package omega-cms-lf-ng-md-file-input was found to contain malicious code...
SUSE CVE-2025-54379
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote...
GO-2025-3799 LF Edge eKuiper vulnerable to File Path Traversal leading to file replacement in github.com/lf-edge/ekuiper
LF Edge eKuiper vulnerable to File Path Traversal leading to file replacement in github.com/lf-edge/ekuiper...
CVE-2025-54379
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote...
CVE-2025-54379
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote...
LF Edge eKuiper SQL injection vulnerability
LF Edge eKuiper is an edge lightweight IoT data analytics software from LF Edge open source. A SQL injection vulnerability exists in LF Edge eKuiper versions prior to 2.2.1, which stems from a SQL injection vulnerability in the getLast API function that could lead to the execution of arbitrary SQ...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...