Lucene search

29 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 2 views

Astra Linux - vulnerability in linux, linux-5.10

Rogue backends can cause Denial of Service (DoS) attacks on guests through high-frequency events. This CNA information record relates to multiple Common Vulnerabilities and Exposures (CVEs); the text explains which aspects/vulnerabilities correspond to which CVEs. Xen allows for the execution of PV...

CVSS 6.5 · AI score 6.9 · EPSS 0.00132
Exploits 0 · References 2
OSV
added 2026/04/21 4:43 p.m. · 1 views

GHSA-3888-Q23F-X7QH October CMS has Safe Mode Bypass via CSS Preprocessor Compilers

A server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the compiler's import functionality to read arbitrary files from the server. This worked even...

CVSS 4.9 · AI score 5.8 · EPSS 0.00054
Exploits 0 · References 3
OSV
added 2026/04/13 3:18 a.m. · 0 views

SUSE-SU-2026:21100-1 Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues. The following security issues were fixed: - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). - CVE-2026-22999: net/sched: sch_qfq: do not fre...

CVSS 7.8 · AI score 6 · EPSS 0.00033
Exploits 0 · References 11
OSV
added 2026/04/09 8:48 a.m. · 0 views

SUSE-SU-2026:21006-1 Security update for the Linux Kernel RT (Live Patch 3 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues. The following security issues were fixed: - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). - CVE-2026-22999: net/sched: sch_qfq: do not fre...

CVSS 7.8 · AI score 5.8 · EPSS 0.00033
Exploits 0 · References 11
UbuntuCve
added 2026/03/05 3:16 p.m. · 4 views

CVE-2025-69534

Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

CVSS 7.5 · AI score 5.9 · EPSS 0.00385
Exploits 1 · References 8
NVD
added 2026/01/28 5:16 p.m. · 4 views

CVE-2025-13918

Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are...

CVSS 6.7 · EPSS 0.00007
Exploits 0 · References 1
Cvelist
added 2026/01/16 7:46 p.m. · 18 views

CVE-2026-23728 WeGIA has an Open Redirect Vulnerability in control.php Endpoint via nextPage Parameter (metodo=listarTodos, nomeClasse=DestinoControle)

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=DestinoControle...

CVSS 4.8 · EPSS 0.00017
Exploits 1 · References 3
EUVD
added 2026/01/16 7:29 p.m. · 1 views

EUVD-2026-3115

WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, specifically within the html/memorando/inseredespacho.php file. The application fails to properly sanitize or encode user-supplied input via t...

CVSS 9.1 · AI score 5.3 · EPSS 0.00193
Exploits 1 · References 1
OSV
added 2025/11/07 1:3 p.m. · 1 views

SUSE-SU-2025:3987-1 Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP7)

This update for the Linux Kernel 6.4.0-1507005311 fixes several issues. The following security issues were fixed: - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg (bsc#1248631). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)...

CVSS 7.8 · AI score 6.9 · EPSS 0.00025
Exploits 0 · References 5
OSV
added 2025/09/15 11:36 a.m. · 2 views

SUSE-SU-2025:03223-1 Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002317 fixes several issues. The following security issues were fixed: - CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). - CVE-2025-21999: proc: fix UAF in proc_get_inode (bsc#1242579). - CVE-2025-38001: net_sched: hfsc: Address...

CVSS 7.8 · AI score 6.6 · EPSS 0.00082
Exploits 3 · References 24
CNNVD
added 2024/05/28 12:0 a.m. · 1 views

NetIQ iManager Cross-Site Request Forgery Vulnerability

NetIQ iManager is an advanced Web-based management console from NetIQ UK. Customized, secure access to network management utilities and content can be provided from any location in the world. A cross-site request forgery vulnerability exists in NetIQ iManager 3.2 Service Pack 6 Patch 3 Hotfix 1...

CVSS 7.4 · AI score 6.4 · EPSS 0.00192
Exploits 0 · References 2
OSV
added 2024/05/17 11:8 a.m. · 2 views

OESA-2024-1623 freerdp security update

FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp. Security Fixes: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to...

CVSS 7.5 · AI score 6.9 · EPSS 0.00804
Exploits 0 · References 2
OSV
added 2024/05/06 4:15 p.m. · 0 views

CVE-2024-34090

An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately. 6.14 P3 (6.14.0.3) is also a fixed release...

CVSS 5.4 · AI score 5.6
Exploits 0 · References 2
CNNVD
added 2024/04/23 12:0 a.m. · 1 views

FreeRDP Security Vulnerability

FreeRDP is a freeware program that implements the Remote Desktop Protocol, which is mainly used to connect and manage Windows servers remotely. FreeRDP had a memory corruption vulnerability in versions prior to 3.5.1, where a malicious server could crash a FreeRDP client by sending invalid huge...

CVSS 7.5 · AI score 7 · EPSS 0.00483
Exploits 0 · References 6
PyPA
added 2022/09/09 9:15 p.m. · 5 views

PYSEC-2022-269

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of uri_validate functions depending where it is used. OAuthLib...

CVSS 6.5 · AI score 6.8 · EPSS 0.00366
Exploits 1 · References 5 · Affected Software 1
ATTACKERKB
added 2022/04/13 4:0 p.m. · 3 views

CVE-2022-22189

An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects:...

CVSS 7.8 · AI score 7.2 · EPSS 0.00029
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2021/11/17 12:0 a.m. · 3 views

PT-2021-23999 · Freertos · Freertos

Name of the Vulnerable Software and Affected Versions: FreeRTOS versions 10.2.0 through 10.4.5 FreeRTOS versions through 10.4.6 Description: The issue affects FreeRTOS on ARMv7-M and ARMv8-M MPU platforms, where non-kernel code can call internal functions to raise privilege. This can lead to...

CVSS 7.8 · AI score 7.8 · EPSS 0.00099
Exploits 0 · References 6
CNNVD
added 2021/07/08 12:0 a.m. · 1 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

Cisco Identity Services Engine (ISE) is a next-generation identity and access control policy platform that enables organizations to enforce compliance, enhance infrastructure security, and streamline their service operations. A stored cross-site scripting vulnerability exists in the Web management...

CVSS 4.8 · AI score 5.7 · EPSS 0.00199
Exploits 0 · References 4
OSV
added 2021/02/10 4:15 p.m. · 1 views

DEBIAN-CVE-2021-27135

xterm before Patch 366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence...

CVSS 9.8 · AI score 9.1 · EPSS 0.00722
Exploits 1 · References 1
CNVD
added 2020/07/15 12:0 a.m. · 3 views

IBM QRadar SIEM XML Entity Injection Vulnerability

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A security...

CVSS 7.6 · AI score 6.5 · EPSS 0.00216
Exploits 0 · References 1