
19 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: cifs: Fixed warnings and UAF errors when destroying the MR list. If the MR allocation fails, the MR recovery process is not initialized, and the list is not cleared. This will result in warnings and UAF errors when releasing t...

CVSS 7.8, AI score 5.8, EPSS 0.0014
Exploits: 0, References: 2
NVD
added 2025/10/27 3:15 p.m., 2 views

CVE-2025-34292

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...

CVSS 9.4, EPSS 0.00473
Exploits: 0, References: 4
OSV
added 2025/10/27 3:15 p.m., 4 views

CVE-2025-34292

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...

CVSS 9.4, AI score 8.3
Exploits: 0, References: 4
CVE
added 2025/10/27 2:36 p.m., 11 views

CVE-2025-34292

The CVE-2025-34292 issue affects Rox (BeWelcome) where unsafely deserializing untrusted data enables PHP object injection. User input flows into unserialize() via the POST parameter formkit_memory_recovery in RoxPostHandler::getCallbackAction and via the bwRemember memory cookie used by RoxModelB...

CVSS 9.4, AI score 8, EPSS 0.00473
Exploits: 0, References: 4
Positive Technologies
added 2025/10/27 12:0 a.m., 7 views

PT-2025-43965

Name of the Vulnerable Software and Affected Versions: Rox, affected versions not specified
Description: The software contains a PHP object injection issue due to deserialization of untrusted data. User-controlled input, specifically the formkit memory recovery POST parameter in...

CVSS 9.4, AI score 7.8, EPSS 0.00473
Exploits: 0, References: 7
CNNVD
added 2025/10/27 12:0 a.m., 2 views

BeWelcome security vulnerability

BeWelcome is a travel sharing site open-sourced by BeWelcome. BeWelcome has a security vulnerability that stems from improper handling of deserialization of the POST parameters formkitmemoryrecovery and memory cookie bwRemember, which could lead to a PHP object injection attack...

CVSS 9.4, AI score 7, EPSS 0.00473
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2011-3223

Malware in sbrugna...

CVSS 5, AI score 6.2, EPSS 0.02439
Exploits: 0, References: 7
RedhatCVE
added 2025/09/18 7:58 p.m., 2 views

CVE-2023-53427

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix warning and UAF when destroy the MR list If the MR allocate failed, the MR recovery work not initialized and list not cleared. Then will be warning and UAF when release the MR: WARNING: CPU: 4 PID: 824 at...

CVSS 7, AI score 5.8, EPSS 0.0014
Exploits: 0, References: 4
Vulnrichment
added 2025/09/18 4:4 p.m., 1 view

CVE-2023-53427 cifs: Fix warning and UAF when destroy the MR list

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix warning and UAF when destroy the MR list If the MR allocate failed, the MR recovery work not initialized and list not cleared. Then will be warning and UAF when release the MR: WARNING: CPU: 4 PID: 824 at...

AI score 6.1, EPSS 0.0014
Exploits: 0, References: 7
Rosalinux
added 2024/07/23 11:32 a.m., 17 views

Advisory ROSA-SA-2024-2457

Software: snappy 1.1.8
OS: ROSA Virtualization 2.1
packageevrstring: snappy-1.1.8
CVE-ID: CVE-2023-28115
BDU-ID: None
CVE-Crit: CRITICAL
CVE-DESC.: A vulnerability in the generateFromHtml function of the PHP Snappy library involves the recovery of invalid data from memory. Exploitation of the...

CVSS 9.8, AI score 7.8, EPSS 0.03207
Exploits: 1
Redos
added 2024/05/24 12:0 a.m., 32 views

ROS-20240424-01

A vulnerability in the ImageIO component of Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability ...

CVSS 7.5, AI score 7.3, EPSS 0.14957
Exploits: 0
Redos
added 2024/05/21 12:0 a.m., 28 views

ROS-20240521-05

A vulnerability in the Hotspot component of the Oracle Java SE software platform and Oracle GraalVM Virtual Machine Enterprise Edition exists due to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to disclose protected information. A vulnerability in...

CVSS 7.5, AI score 7.1, EPSS 0.11333
Exploits: 3
OSV
added 2023/12/14 9:15 p.m., 1 view

CVE-2023-0248

An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader...

CVSS 5.3, AI score 5.8, EPSS 0.003
Exploits: 0, References: 2
BDU FSTEC
added 2023/10/03 12:0 a.m., 1 view

The vulnerability of the commons-beanutils component in the open-source Apache Jackrabbit content storage framework allows a perpetrator to execute arbitrary code.

The vulnerability of the commons-beanutils component in the open-source Apache Jackrabbit content storage framework relates to the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10, AI score 8.1, EPSS 0.02657
Exploits: 0, References: 5, Affected Software: 1
BDU FSTEC
added 2023/08/03 12:0 a.m., 1 view

The vulnerability of the software platform for operating data management systems, related to the restoration of unreliable data in memory, allows a perpetrator to read and update arbitrary data from various system catalogs. This vulnerability enables unauthorized access and manipulation of system functions.

The vulnerability of the software platform for operating data management in ABB Ability zenon relates to the recovery of unreliable data in memory. Exploiting this vulnerability allows an attacker to read and update arbitrary data in various system catalogs...

CVSS 6.7, AI score 7.3, EPSS 0.00295
Exploits: 0, References: 2
BDU FSTEC
added 2022/10/10 12:0 a.m., 2 views

The vulnerability of the JDBC platform integration data processing server Apache InLong’s URL address handler allows an attacker to execute arbitrary code.

The vulnerability of the JDBC URL connection handler of the Apache InLong data integration platform is related to the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 9, AI score 8, EPSS 0.02042
Exploits: 0, References: 6, Affected Software: 1
BDU FSTEC
added 2022/06/24 12:0 a.m., 2 views

The vulnerability of the Apache Flume software for transmitting large volumes of streaming data lies in its memory-recovery mechanism for unreliable data. This vulnerability allows a hacker to execute arbitrary code.

The vulnerability of the Apache Flume software for transmitting large volumes of streaming data is related to the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10, AI score 8.1, EPSS 0.04627
Exploits: 0, References: 4, Affected Software: 1
Prion
added 2011/10/14 10:55 a.m., 19 views

Design/Logic Flaw

The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts...

CVSS 5, AI score 6.5, EPSS 0.02439
Exploits: 0, References: 6, Affected Software: 2
Exploit DB
added 2008/08/21 12:0 a.m., 29 views

Version-independent IOS shellcode

Version-independent IOS shellcode. Shellcode exploit for hardware platform. Version-independent IOS shellcode, Andy Davis 2008. No hard-coded IOS addresses required. The technique uses 4-byte signatures near references to the required addresses within the IOS "text" memory region. The addresses are...

AI score 0.1
Exploits: 0