
1881 matches found

OSV
added 2025/06/18 2:57 p.m. | 2 views

BIT-MEDIAWIKI-2024-34506

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the...

CVSS 7.5 | AI score 5.9 | EPSS 0.00171
Exploits: 1 | References: 4
OSV
added 2025/06/18 11:15 a.m. | 1 views

DEBIAN-CVE-2022-49945

In the Linux kernel, the following vulnerability has been resolved: hwmon: (gpio-fan) Fix array out of bounds access. The driver does not check if the cooling state passed to gpio_fan_set_cur_state() exceeds the maximum cooling state as stored in fan_data->num_speeds. Since the cooling state is later used as...

CVSS 7.1 | AI score 5.6 | EPSS 0.00086
Exploits: 0 | References: 1
SUSE CVE
added 2025/06/17 11:38 p.m. | 0 views

SUSE CVE-2025-49176

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check...

CVSS 7.8 | AI score 6.9 | EPSS 0.00267
Exploits: 0 | References: 25
NVD
added 2025/06/17 3:15 p.m. | 4 views

CVE-2025-49176

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check...

CVSS 7.3 | EPSS 0.00267
Exploits: 0 | References: 35
AstraLinux
added 2025/06/16 11:28 a.m. | 3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevention of division by zero. The user can set any speed value. If the speed is greater than UINT_MAX/8, a division by zero is possible. Found by the Linux Verification Center (linuxtesting.org) with SVACE...

CVSS 5.5 | AI score 5.7 | EPSS 0.00068
Exploits: 0 | References: 3
AstraLinux
added 2025/06/16 11:28 a.m. | 4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ipv4: Use RCU protection in __ip_rt_update_pmtu(). __ip_rt_update_pmtu() must use RCU protection to ensure that the network structure it reads does not disappear...

CVSS 5.5 | AI score 5.9 | EPSS 0.00018
Exploits: 0 | References: 3
AstraLinux
added 2025/06/16 11:28 a.m. | 1 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamping the maximum hashtable size to INT_MAX. The maximum size of the conntrack hashtable should be set to INT_MAX. Otherwise, it is possible to encounter a WARN_ON_ONCE error in __kvmalloc_node_noprof() when resizin...

CVSS 5.5 | AI score 6.1 | EPSS 0.00033
Exploits: 0 | References: 3
AstraLinux
added 2025/06/16 11:28 a.m. | 4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialization when the number of links is greater than max_links. Reason: The Coverity report indicates an OVERRUN warning. There are only max_links elements within dc->links. The number of links can...

CVSS 5.5 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 3
AstraLinux
added 2025/06/16 11:28 a.m. | 4 views

Astra Linux – Vulnerability in libarchive

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could create a malicious WARC archive to induce this overflow,...

CVSS 5.6 | AI score 6.2 | EPSS 0.00102
Exploits: 0 | References: 3
AstraLinux
added 2025/06/16 11:28 a.m. | 5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: bounds checks were added to the host bulk flow fairness counts. Although we fixed a logic error in the commit cited below, the syzbot still managed to cause an underflow in the per-host bulk flow counters, resulti...

CVSS 7.1 | AI score 6.3 | EPSS 0.00022
Exploits: 0 | References: 3
AstraLinux
added 2025/06/16 11:28 a.m. | 3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ceph: Stopping functions that attempt paths longer than PATH_MAX. If the full path to be built by ceph_mdsc_build_path() is longer than PATH_MAX, this function will enter an endless loop, effectively blocking the entire task. Most of the...

CVSS 5.5 | AI score 5.8 | EPSS 0.00007
Exploits: 0 | References: 3
AstraLinux
added 2025/06/16 11:28 a.m. | 1 views

Astra Linux - Vulnerability in linux-6.12

In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX. As noted by Anssi some 20 years ago, pool report is sometimes messed up. This worked fine on many devices but caused oops on VRS DirectForce PRO. Here, we're...

CVSS 5.5 | AI score 7.7 | EPSS 0.00012
Exploits: 0 | References: 2
AstraLinux
added 2025/06/16 11:28 a.m. | 2 views

Astra Linux - Vulnerability in linux-6.12

In the Linux kernel, the following vulnerability has been resolved: net: allow small head cache usage with large MAX_SKB_FRAGS values. Sabrina reported the following splat: WARNING: CPU: 0 PID: 1 at net/core/dev.c:6935 netif_napi_add_weight_locked+0x8f2/0xba0 Modules linked in: CPU: 0 UID: 0 PID: 1 Comm...

CVSS 5.5 | AI score 6.2 | EPSS 0.00028
Exploits: 0 | References: 3
AstraLinux
added 2025/06/16 11:28 a.m. | 3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevention of division by zero. The user can set any speed value. If the speed is greater than UINT_MAX/8, a division by zero is possible. Found by the Linux Verification Center (linuxtesting.org) with SVACE...

CVSS 5.5 | AI score 5.9 | EPSS 0.00067
Exploits: 0 | References: 3
Zero Day Initiative
added 2025/06/13 12:0 a.m. | 2 views

Trend Micro Maximum Security Platinum Host Service Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.8 | AI score 7.5 | EPSS 0.00175
Exploits: 0 | References: 1
OSV
added 2025/06/06 6:15 p.m. | 2 views

AZL-63695 CVE-2025-47950 affecting package coredns for versions less than 1.11.1-19

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of...

CVSS 7.5 | AI score 7.2 | EPSS 0.00151
Exploits: 0 | References: 1
RedHat Linux
added 2025/05/28 3:30 a.m. | 1 views

kernel: ext4: avoid online resizing failures due to oversized flex bg

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg. When we online resize an ext4 filesystem with an oversized flex_bg_size, mkfs.ext4 -F -G 67108864 $dev -b 4096 100M mount $dev $dir resize2fs $dev 16G the following WARNO...

CVSS 5.5 | AI score 6.7 | EPSS 0.00015
Exploits: 0 | References: 5
BDU FSTEC
added 2025/05/27 12:0 a.m. | 3 views

The vulnerability of the SATA_DWC_QCMD_MAX() function in the Linux kernel driver/ata/sata_dwc_460ex.c file allows a hacker to cause a service failure.

The vulnerability of the SATA_DWC_QCMD_MAX() function in the Linux kernel’s drivers/ata/sata_dwc_460ex.c file is related to read errors outside of the allowed range. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 7.8 | AI score 6.5 | EPSS 0.00019
Exploits: 0 | References: 13 | Affected Software: 8
Packet Storm News
added 2025/05/27 12:0 a.m. | 6 views

BitHydra: Towards Bit-Flip Inference Cost Attack against Large Language Models

Large language models (LLMs) have shown impressive capabilities across a wide range of applications, but their ever-increasing size and resource demands make them vulnerable to inference cost attacks, where attackers induce victim LLMs to generate the longest possible output content. In this paper,...

AI score 7.1
Exploits: 0
RedhatCVE
added 2025/05/23 9:51 a.m. | 4 views

CVE-2024-7998

In affected versions of Octopus Server, OIDC cookies were using the wrong expiration time, which could result in them using the maximum lifespan...

CVSS 2.6 | AI score 7 | EPSS 0.00267
Exploits: 0 | References: 1