29007 matches found
CVE-2026-33324
SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and th...
CVE-2026-33324
SQLBot’s Text-to-SQL prompt injection vulnerability affects versions 1.7.0 and earlier, where the user’s question is concatenated into the LLM prompt and the resulting SQL is executed without validation. An authenticated attacker can craft a malicious query to coerce the LLM into generating and r...
bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The LDAPStoreHelper implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying...
From Foundation to Force: Your Guide to Operationalizing Wiz at Scale
Following your foundation, operationalize Wiz across development, detection and response, and program maturity so your security program never stops getting stronger...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed the issue where the XDP program was unloaded while the driver was being removed. The commit 6533e558c650 “i40e: Fixed the reset path while removing the driver” introduced a new PF state "I40EINREMOVE" to prevent...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: USB: Hub – Ignoring non-compliant devices with too many configurations or interfaces Robert Morris created a test program that can cause usbhubtostructhub to dereference a NULL or inappropriate pointer. Oops: General Protection...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel up to version 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory through a Speculative Store Bypass side-channel attack, because the protection mechanism ignores the possibility of uninitialized memory locations within the BPF stack...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Bonding: Check xdp program when setting the bond mode. The following operations may trigger a warning1: ip netns add ns1 ip netns exec ns1 ip link add bond0 type bond mode balance-rr ip netns exec ns1 ip link set dev bond0 xdp ob...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed kernel address leakage in atomic cmpxchg operations with R0 as an auxiliary register. The implementation of BPFCMPXCHG at a high level has the following parameters: .-old-val .-new-val BPFR0 = cmpxchg32,64DSTREG +...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expectedattachtype for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpfprogtestrunxdp function within the Linux kernel’s BPF subsystem. This...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before 1.52.0, there was an optimization for joining strings that could cause uninitialized bytes to be exposed or the program to crash if the borrowed string changed after its length was checked...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: A stack-out-of-bounds write occurred in devmap. The function getupperifindexes iterates over all upper devices and writes their indices into an array without checking bounds. As a result, callers may assume that the maximum...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: prevents the LSM program from leaking after a failed attach. In 0, we added the ability to use bpfprogattach for LSM programs within cgroups. However, during our validation to ensure that the program is indeed attached to...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Detecting IP == ksym.end as part of the BPF program Now, since bpfthrow is the first call instruction with noreturn semantics within the verifier, this also leads to the elimination of dead code in unprecedented ways. For...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: devmap: provide rxq after redirect The rxq structure contains a pointer to the device from which the redirect occurred. Currently, the BPF program that is executed after a redirect via BPFMAPTYPEDEVMAP does not set this...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: BPF: Fixed potential improper pointer dereferencing in bpfsysbpf. The bpfsysbpf helper function allows an eBPF program to load another eBPF program from within the kernel. In this case, the argument union bpfattr pointer along...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed a null pointer dereference in the resolveprogtype function for BPFPROGTYPEEXT. When loading an EXT program without specifying attr-attachprogfd, the prog-aux-dstprog will be null. At this point, calling resolveprogtype...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remapping EPERM in case of connection failure in xstcpsetupsocket. When using a BPF program on kernelconnect, the call may return -EPERM. This causes xstcpsetupsocket to loop indefinitely, filling up the syslog and...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: A null check was added for toppipetoprogram in the commitplanesforstream function. This fix addresses a null pointer dereferencing issue in the commitplanesforstream function at line 4140. The issue could occur...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bpf,perf: Fixed an invalid progarray access in perfeventdetachbpfprog Syzbot reported a crash that occurs in the following tracing scenario: - Create a tracepoint with attr.inherit=1, attach it to the process, and set the BPF...