239 matches found
PT-2026-43221
Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed the race condition between balance operations and cancel/pause requests. Syzbot reported a panic that looked like this: Assertion failed: fsinfo-exclusiveoperation == BTRFSEXCLOPBALANCEPAUSED, in fs/btrfs/ioctl.c:465...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fs/dax: Fixed the issue of “not skipping locked entries when scanning entries”. The commit 6be3e21d25ca “fs/dax: not skipping locked entries when scanning entries” introduced a new function, waitentryunlockedexclusive, which wait...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed the BUGON condition in btrfscancelbalance. Pausing and canceling balance can race to interrupt balance, leading to a BUGON panic in btrfscancelbalance. The BUGON condition in btrfscancelbalance does not take this rac...
curl: CVE-2026-9080: UAF after pause in socket callback
Hi all, We've found a heap-use-after-free in lib/multiev.c triggered by calling curleasypause from within a CURLMOPTSOCKETFUNCTION callback. ASAN-confirmed with the self-contained reproducer below. Affected versions: 8.13.0 – 8.20.0 current. The entry-action write line 280 has been vulnerable sin...
CVE-2026-42592
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when i...
curl: HTTP/3 paused transfer buffers incoming data without bound up to ~1 GiB
Hi all, When a libcurl application's CURLOPTWRITEFUNCTION returns CURLWRITEFUNCPAUSE, libcurl routes subsequent incoming body data through cw-pause lib/cw-pause.c. The bufq inside cw-pause is initialised with BUFQOPTSOFTLIMIT and a chunk size of 16 KiB lib/cw-pause.c:51-52, which causes bufq to...
@keep-network/tbtc-v2 revealing P2PKH deposit with a wrapped P2SH script
Overview P2PKH has 20 bytes just like P2SH. We protect against revealing P2PKH deposits by manually assembling the expected P2SH script in the smart contract and comparing hashes. However, we missed the case when the attacker embeds a valid P2SH inside of P2PKH as an output script. bitcoin-spv...
Malicious Package
Overview chai-as-pause is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in chai-as-pause (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6bc450b711e5bfeca160d6a4836ce78f7da759812438fbf0701cf8c2f95e38d The package chai-as-pause was found to contain malicious code. Source: ghsa-malware 58583a4b9f33e23b3cafb853c51539fbe79e149a4d6e5cdfafa98713d32e64cd...
MAL-2026-1013 Malicious code in chai-as-pause (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6bc450b711e5bfeca160d6a4836ce78f7da759812438fbf0701cf8c2f95e38d The package chai-as-pause was found to contain malicious code. Source: ghsa-malware 58583a4b9f33e23b3cafb853c51539fbe79e149a4d6e5cdfafa98713d32e64cd...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect setting of the pause state for the calctarget component. This vulnerability may cau...
CVE-2025-71104
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer When advancing the target expiration for the guest's APIC timer in periodic mode, set the expiration to "now" if the target expiration is in the past...
CVE-2025-71104 KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer When advancing the target expiration for the guest's APIC timer in periodic mode, set the expiration to "now" if the target expiration is in the past...
CVE-2025-52435
J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...
CVE-2025-52435 Apache Mynewt NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller
J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...
EUVD-2026-1854
J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...
CVE-2025-52435
CVE-2025-52435 affects Apache NimBLE (Mynewt NimBLE) up to version 1.8.0. The issue is caused by improper handling of the Pause Encryption procedure on the Link Layer, which can leave a previously encrypted connection in an unencrypted state and allow an eavesdropper to observe the remainder of t...
CVE-2025-52435 Apache Mynewt NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller
J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...
CVE-2025-52435 Apache Mynewt NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller
J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...