54270 matches found
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: nbd: Always initialize struct msghdr completely. syzbot reports that the value of msg-msggetinq may be uninitialized 1. The struct msghdr has many new fields recently. We should always ensure that their values are zero by...
Astra Linux - уязвимость в edk2
EDK2 is vulnerable to a vulnerability in the Tcg2MeasurePeImage function, which allows a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in compromises of confidentiality, integrity, and/or availability...
Astra Linux - уязвимость в apache2
Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to log variables...
Astra Linux - уязвимость в edk2
A BIOS bug in the firmware of a specific PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently cause damage to the system’s performance...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix kernel crash during module removal The driver incorrectly frees client instance and subsequent i40e module removal leads to kernel crash. Reproducer: 1. do ethtool offline test followed immediately by another one host...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mtd: Fixed NULL pointer dereferencing caused by the ftl notifier If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereferencing when trying to access ‘gluebi-desc’ in gluebiread. The issue arises...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: bfa: Fixed a use-after-free in bfadimmoduleexit. BUG: KASAN: slab-use-after-free in lockacquire+0x2aca/0x3a20. A size 8 read was performed at address ffff8881082d80c8 by task modprobe/25303. Call Trace:...
Astra Linux - уязвимость в ansible
A flaw was discovered in Ansible Engine, in ansible-engine 2.8.x before 2.8.15, and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation, even when the disablegpgcheck parameter is set to False—which is the default...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: A use-after-free issue in getinfo has been fixed. The unloading of the ip6tablenat module caused a refcnt warning due to a UAF. The call trace is as follows: WARNING: CPU: 1 PID: 379 at kernel/module/main.c:853...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: igb: Cleanup in all error paths when enabling SR-IOV After commit 50f303496d92 “igb: Enabling SR-IOV after reinit”, removing the igb module could cause a hang or crash depending on the machine when the module was loaded with t...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ipvs: Deferring the unregistration of ipvsftp during netns cleanup. During the netns cleanup process, ipvsftpexit may unregister ipvsftp before all connections with valid cp-app pointers are flushed, leading to a use-after-free...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Counter: Interrupt-cnt: Remove the IRQFNOTHREAD flag An IRQ handler can either use IRQFNOTHREAD or acquire spinlockt. As noted by CONFIGPROVERAWLOCKNESTING: ============================= BUG: Invalid wait context 6.18.0-rc1+git...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: LSM: General protection fault in legacyparseparam The usual LSM hook mechanism of “bailing on failure” doesn’t work in cases where a security module may return an error code indicating that it doesn’t recognize an input. In this...
MAL-2026-4493 Malicious code in axiosqqq (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9cf5bc7a896b21f9af923c60b9283758bf46d4fb279f752a42bae43bb6006aa Package name axiosqqq is a 3-character-suffix typosquat of axios and ships axios's verbatim source, README, and CHANGELOG to impersonate the legitima...
SUSE CVE-2024-4032
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...
Malicious code in ethers-wallet-packages (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beda1480a40189cc8177ace4e3d6fd9773ad81f4cbe5a6c07e3004427846dc8d The package impersonates the legitimate @ethersproject/wallet source files are otherwise verbatim copies, including the internal version string...
ALPINE-CVE-2026-43619
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...
CVE-2026-43619
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...
CVE-2026-43619
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...
EUVD-2026-31010
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...