Lucene search

21 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Do not pass act_len in the usb_bulk_msg error path. syzbot reported that act_len in kalmia_send_init_packet is uninitialized when it is passed to the first usb_bulk_msg error path. Jiri Pirko noted that it is pointless to...

5.5 CVSS | 5.9 AI score | 0.00007 EPSS
Exploits 0 | References 2
Github Security Blog
added 2026/05/05 9:50 p.m. | 5 views

ip-address has XSS in Address6 HTML-emitting methods

Summary Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6 constructor for invalid input can contain unescaped attacker-controlled content in one branch. An...

6.1 CVSS | 5.4 AI score | 0.00012 EPSS
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2026/04/24 12:25 p.m. | 25 views

CVE-2026-5265 Ovn: ovn: heap over-read in icmp error response generation - security issue

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length (ip_tot_len for IPv4, ip6_plen for IPv6) without validating it against the actual packet buffer size...

6.5 CVSS | 0.0004 EPSS
Exploits 0 | References 11
EUVD
added 2025/12/09 6:30 p.m. | 1 views

EUVD-2023-60171

In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg. syzkaller found a memory leak in kcm_sendmsg, and commit c821a88bd720 ("kcm: Fix memory leak in error path of kcm_sendmsg") suppressed it by updating kcm_tx_msg(head)->last_skb if partia...

5.7 AI score | 0.0004 EPSS
Exploits 0 | References 9
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-2705

Malware in sbrugna...

4.3 CVSS | 6 AI score | 0.03347 EPSS
Exploits 1 | References 29
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-31255

Malicious code in bioql PyPI...

9.8 CVSS | 9 AI score | 0.00029 EPSS
Exploits 1 | References 1
RedHat Linux
added 2025/05/28 3:30 a.m. | 4 views

kernel: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path

In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path. syzbot reported that act_len in kalmia_send_init_packet is uninitialized when passing it to the first usb_bulk_msg error path. Jiri Pirko noted that it's pointless to pass it ...

5.5 CVSS | 6.3 AI score | 0.00007 EPSS
Exploits 0 | References 5
NVD
added 2025/03/10 7:15 p.m. | 11 views

CVE-2025-26696

Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

7 CVSS | 0.00146 EPSS
Exploits 0 | References 3
CVE
added 2025/03/10 6:41 p.m. | 87 views

CVE-2025-26696

CVE-2025-26696 affects Mozilla Thunderbird and is triggered by certain crafted MIME messages that claim to contain an encrypted OpenPGP message but actually contain an OpenPGP signed message, causing the UI to mis-display the content as encrypted. Public references in connected documents corrobor...

7 CVSS | 6.5 AI score | 0.00146 EPSS
Exploits 0 | References 3 | Affected Software 1
Tenable Nessus
added 2025/03/05 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2023-52703

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path. syzbot reported that act_len in kalmia_send_init_packet is uninitialized when passing it to the first...

5.5 CVSS | 6.4 AI score | 0.00007 EPSS
Exploits 0 | References 3
OSV
added 2024/10/21 6:15 p.m. | 1 views

UBUNTU-CVE-2024-49875

In the Linux kernel, the following vulnerability has been resolved: nfsd: map the EBADMSG to nfserr_io to avoid warning. Ext4 will throw -EBADMSG through ext4_readdir when a checksum error occurs, resulting in the following WARNING. Fix it by mapping EBADMSG to nfserr_io. nfsd_buffered_readdir iterated...

5.5 CVSS | 6.1 AI score | 0.00008 EPSS
Exploits 0 | References 32
Vulnrichment
added 2024/01/23 12:0 a.m. | 4 views

CVE-2024-23849

In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access...

7.2 AI score | 0.00023 EPSS
Exploits 0 | References 8
Citrix
added 2023/10/04 12:0 a.m. | 9 views

After upgrade to VDA 2308, users getting message "You'll need a new app to open this ctxgeoloc link"

After upgrading to VDA 2308, when a user logs on, they receive a Windows message stating: "You'll need a new app to open this ctxgeoloc link"...

7 AI score
Exploits 0
ATTACKERKB
added 2023/05/03 12:16 p.m. | 2 views

CVE-2022-43681

An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads out of the bounds of the packet, throwing a SIGABRT...

6.5 CVSS | 5.9 AI score | 0.0015 EPSS
Exploits 0 | References 4
Microsoft KB
added 2022/10/17 12:0 a.m. | 3 views

KB5020448: Out-of-band update for Windows 7 SP1 and Server 2008 R2 SP1: October 17, 2022

KB5020448: Out-of-band update for Windows 7 SP1 and Server 2008 R2 SP1: October 17, 2022. Summary: This update includes improvements for the following: It addresses an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections. These connections migh...

6.7 AI score
Exploits 0
Microsoft KB
added 2022/10/17 12:0 a.m. | 3 views

KB5020449: Out-of-band update for Windows Server 2012: October 17, 2022

KB5020449: Out-of-band update for Windows Server 2012: October 17, 2022. Summary: This update includes improvements for the following: It addresses an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections. These connections might have handshake...

6.3 AI score
Exploits 0
Microsoft KB
added 2022/10/17 12:0 a.m. | 5 views

KB5020447: Out-of-band update for Windows 8.1 and Server 2012 R2: October 17, 2022

KB5020447: Out-of-band update for Windows 8.1 and Server 2012 R2: October 17, 2022. Summary: This update includes improvements for the following: It addresses an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections. These connections might have...

6.4 AI score
Exploits 0
Prion
added 2020/01/27 4:15 p.m. | 29 views

SQL injection

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an...

7.5 CVSS | 8 AI score | 0.0108 EPSS
Exploits 0 | References 7 | Affected Software 2
OpenVAS
added 2017/10/11 12:0 a.m. | 47 views

Microsoft Windows Multiple Vulnerabilities (KB4041693)

This host is missing a critical security update according to Microsoft KB4041693. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 7.2 AI score | 0.65606 EPSS
Exploits 30 | References 29
Tenable Nessus
added 2017/05/30 12:0 a.m. | 75 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2017-629)

This update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.10 - OpenJDK 7u141 bsc1034849 - Security fixes - S8163520, CVE-2017-3509: Reuse cache entries - S8163528, CVE-2017-3511: Better library loading - S8165626, CVE-2017-3512: Improved window framing - S8167110, CVE-2017-351...

9.6 CVSS | 7 AI score | 0.03192 EPSS
Exploits 3 | References 10