Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereferencing in aerratelimit When platform firmware provides error information to the OS, for example, via the ACPI APEI GHES mechanism, it may identify a device that does not advertise an AER...

CVE-2025-40034

CVE-2025-40034 concerns the Linux kernel. A NULL pointer dereference could occur in aer_ratelimit() when a platform firmware-provided error (e.g., via APEI GHES) identifies a device that does not advertise an AER Capability, leaving dev->aer_info NULL. The issue existed because pci_dev_aer_sta...

CVE-2025-40034 PCI/AER: Avoid NULL pointer dereference in aer_ratelimit()

In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereference in aerratelimit When platform firmware supplies error information to the OS, e.g., via the ACPI APEI GHES mechanism, it may identify an error source device that doesn't advertise an AER...

CVE-2025-40034 PCI/AER: Avoid NULL pointer dereference in aer_ratelimit()

In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereference in aerratelimit When platform firmware supplies error information to the OS, e.g., via the ACPI APEI GHES mechanism, it may identify an error source device that doesn't advertise an AER...

EUVD-2021-19514

Malware in sbrugna...

EUVD-2021-19501

Malware in sbrugna...

EUVD-2021-19499

Malware in sbrugna...

CVE-2025-59348

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the processPieceFromSource method does not update the structure’s usedTraffic field, because an uninitialized variable n is used as a guard to the AddTraffic method call, instead of the...

Broken Rate Limiting

Description The request rate limiting feature on the login page can be bypassed. If we look at the code in src/Controller/Frontend/Account/LoginAction.php php $this-rateLimit-checkRequestRateLimit$request, 'login', 30, 5; We see that checkRequestRateLimit is invoked with a restriction of a maxmim...

PoW-Shield - Project Dedicated To Fight DDoS And Spam With Proof Of Work, Featuring An Additional WA

Project dedicated to provide DDoS protection with proof-of-work Description PoW Shield provides DDoS protection on OSI application layer by acting as a proxy that utilizes proof of work between the backend service and the end user. This project aims to provide an alternative to general captcha...

openSUSE 15 Security Update : nextcloud (openSUSE-SU-2021:1068-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1068-1 advisory. - A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules...

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1068-1 Rating: important References: 1181445 1181803 1181804 1188247 1188248 1188249 1188250 1188251 1188252 1188253 1188254 1188255 1188256 Cross-References: CVE-2020-8293 CVE-2020-8294 CVE-2020-8295...

OPENSUSE-SU-2021:1068-1 Security update for nextcloud

This update for nextcloud fixes the following issues: nextcloud was updated to 20.0.11: - Fix boo1188247 - CVE-2021-32678: OCS API response ratelimits are not applied - Fix boo1188248 - CVE-2021-32679: filenames where not escaped by default in controllers using DownloadResponse - Fix boo1188249 -...

CVE-2021-32741

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in...

CVE-2021-32741

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in...

Code injection

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in...

CVE-2021-32741

CVE-2021-32741 : Nextcloud Server versions before 19.0.13, 20.0.11, and 21.0.3 lacked ratelimiting on the public share link mount endpoint, enabling enumeration of potentially valid share tokens. The issue is fixed in the corresponding updated releases (19.0.13, 20.0.11, 21.0.3). No public workar...

CVE-2021-32705

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in...

CVE-2021-32703

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13,...

CVE-2021-32705

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in...