52 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: sf-pdma: Add multithread support for a DMA channel. When a DMA channel is obtained and then used from multiple threads, it can cause errors and hang the system. The following commands can be...
CLSA-2026-1778768341 python: Fix of 4 CVEs
CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.__init__ via a new _validate_host helper to prevent CRLF header injection the glibc...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: rose: lock the socket in rose_bind(). syzbot reported a soft lockup in rose_loopback_timer(), where bind is called from multiple threads. rose_bind() must lock the socket to avoid this issue...
Advisory ROSA-SA-2026-3234
software: curl 8.7.1; OS: ROSA-CHROME; unaffected versions = curl-8.7.1-6; affected versions curl-8.7.1-6; CVE-ID: CVE-2025-14017; BDU-ID: None; CVE-Crit: MEDIUM; CVE-DESC.: In multi-threaded LDAPS transfers in libcurl, changing TLS options in one thread changed them globally and could affect other...
CVE-2026-25997
CVE-2026-25997 affects FreeRDP prior to 3.23.0. The issue is a heap use-after-free in the clipboard path: the function xf_clipboard_format_equal reads freed lastSentFormats because xf_clipboard_formats_free frees the array while the X11 event thread concurrently iterates it in xf_clipboard_change...
MiracleLinux 3 : sos-1.7-9.62.0.1.AXS3 (AXSA:2012-526:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-526:01 advisory. Sos is a set of tools that gathers information about system hardware and configuration. The information can then be used for diagnostic purposes and debugging...
MiracleLinux 7 : sssd-1.15.2-50.el7.8 (AXSA:2017-2463:06)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-2463:06 advisory. It was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a...
Huawei HarmonyOS security vulnerability
Huawei HarmonyOS is an operating system from Huawei (China). It provides a full-scenario distributed operating system based on a microkernel. A multi-thread race condition vulnerability exists in the Huawei HarmonyOS Video Framework module, which can be exploited by an attacker to cause...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992353)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992353 advisory. In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: Add multithread support for a DMA channel When we get a DMA channel and try t...
PT-2025-52977
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a memory leak in the dmaengine subsystem, specifically within the sf-pdma driver. A change introduced by commit b2cc5c465c2c altered the behavior of the sf pdma...
CVE-2021-47713 Hasura GraphQL 1.3.3 Denial of Service via Malicious GraphQL Query
Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resource...
CVE-2025-66328
Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell Security Tool CVE-2025-55182 & CVE-2025-66478...
CVE-2025-66328
Technical details about CVE-2025-66328 are not provided in the supplied documents. Monitor for updates from Huawei and security feeds.
CVE-2025-66321
Summary of findings: The CVE-2025-66321 entry describes a multi-thread race condition vulnerability in Huawei’s HarmonyOS camera framework module. The underlying root cause is a race condition occurring in a multithreaded context, leading to a potential impact on availability. The connected CN...
CVE-2025-66321
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability...
TencentOS Server 4: xz (TSSA-2025:0279)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0279 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2025-63927
A heap-use-after-free vulnerability exists in airpig2011 IEC104 thru Commit be6d841 2019-07-08. During multi-threaded client execution, the function Iec10xScheduled can access memory that has already been freed, potentially causing program crashes or undefined behavior. This may be exploited to...
EUVD-2022-55411
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-50145
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: Add multithread support for a DMA channel When we get a DMA channel and...