20 matches found
Astra Linux - ŃŃŠ·Š²ŠøŠ¼Š¾ŃŃŃ Š² linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the issue of clearing dirty inodes in f2fsevictinode. As reported by Yanming in Bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215904 The kernel message is as follows: Kernel BUG at fs/f2fs/inode.c:825! Call...
Linux kernel å®å Øę¼ę“
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the CNID counting check used in the HFS file system. This bug can trigger errors when the MDB is...
CVE-2025-14576
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...
CVE-2025-14576 Possible QML code injection in VectorImage component
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...
OpenClaw: Node exec approvals could be replayed across nodes
Summary exec.approval requests for host=node were not explicitly bound to the target nodeId, so an approval intended for one node could be replayed for a different node under the same operator-controlled gateway fleet. Impact An operator approval for a system.run request could be reused across...
free5GC å®å Øę¼ę“
Free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of Free5GC 4.1.0 and earlier contain security vulnerabilities, which stem from incorrect operations on the ResolveNodeIdToIp function in the internal/sbi/processor/datapath.go file. These vulnerabilities may...
CLSA-2026-1768911433 python3.11: Fix of CVE-2025-12084
CVE-2025-12084: fix denial-of-service by removing quadratic behavior in xml.dom.minidom node ID cache clearing when building deeply nested documents...
Astra Linux - ŃŃŠ·Š²ŠøŠ¼Š¾ŃŃŃ Š² linux-6.12
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to detect potential corrupted nid in freenidlist As reported, on-disk footer.ino and footer.nid is the same and out-of-range, let's add sanity check on f2fsallocnid to detect any potential corruption in freenidlist...
CVE-2025-65563
A denial-of-service vulnerability exists in the omec-project UPF component upf-epc/pfcpiface up to at least version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory NodeID Information Element, the association setup handler...
CVE-2025-65563
A denial-of-service vulnerability exists in the omec-project UPF component upf-epc/pfcpiface up to at least version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory NodeID Information Element, the association setup handler...
UBUNTU-CVE-2025-68315
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to detect potential corrupted nid in freenidlist As reported, on-disk footer.ino and footer.nid is the same and out-of-range, let's add sanity check on f2fsallocnid to detect any potential corruption in freenidlist...
CVE-2025-68315
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to detect potential corrupted nid in freenidlist As reported, on-disk footer.ino and footer.nid is the same and out-of-range, let's add sanity check on f2fsallocnid to detect any potential corruption in freenidlist...
Updated python3 packages fix security vulnerabilities
Excessive read buffering DoS in http.client. CVE-2025-13836 Out-of-memory when loading Plist. CVE-2025-13837 Quadratic complexity in node ID cache clearing. CVE-2025-12084...
Quadratic complexity in node ID cache clearing
...
CVE-2025-12084 Quadratic complexity in node ID cache clearing
When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents...
CVE-2021-31851
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters. The malicious script is reflected unmodified into the Policy Auditor web-based interface...
CVE-2024-7322
A ZigBee coordinator, router, or end device may change their node ID when an unsolicited encrypted rejoin response is received, this change in node ID causes Denial of Service DoS. To recover from this DoS, the network must be re-established...
Open Microscopy Environment OMERO.server Information Disclosure Vulnerability
Open Microscopy Environment OMERO.server is an open source image management platform. The platform supports a variety of image file formats , and image management , viewing and editing operations. An information disclosure vulnerability exists in Open Microscopy Environment OMERO.server versions...
Project and Project issue tracking - Access bypass
The Project and Project issue tracking modules provide a series of permissions to control access to projects and issues: "access projects", "access own projects", "access project issues" and "access own project issues". While these permissions correctly prevent users from viewing the entire proje...
Project issue tracking - Access bypass
If a remote user knows the node identifier of an issue that has been marked private using a node access module simpleaccess, nodeprivacybyrole, etc, they can use a specially crafted URL to view the contents of the node, regardless of their own privileges. All that is required is the "access proje...