Astra Linux - vulnerability in exiv2
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An assertion failure occurs when Exiv2 is used to modify the metadata of a specially crafted image file. An attacker could potentially exploit this vulnerability to cause a...
GHSA-WJ55-88GF-X564 OpenClaw may have stale policy enforcement for queued node actions
Summary Queued node actions were not revalidated against current command policy when later delivered, so stale allowlists or declarations could survive policy tightening. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
GHSA-WQ58-2PVG-5H4F OpenClaw: Gateway agent /reset exposes admin session reset to operator.write callers
Summary Before v2026.3.23, the Gateway agent RPC accepted /reset and /new for callers with only operator.write, even though the direct sessions.reset RPC correctly requires operator.admin. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.23 - Latest released tag checked:...
GHSA-6MQC-JQH6-X8FC OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication
Summary Before v2026.3.23, Canvas and A2UI loopback requests could bypass Canvas bearer-or-capability authentication because authorizeCanvasRequest... treated isLocalDirectRequest... as an unconditional allow path. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.23 -...
OpenClaw: Plivo V2 verified replay identity drifts on query-only variants
Summary Before v2026.3.23, the Plivo V2 verification path treated query-only variants of the same signed request as fresh verified work. Plivo V2 signatures authenticate baseUrl + nonce, but the replay key was derived from the full verification URL including the query string, so unsigned query-on...
OpenClaw's MS Teams sender allowlist bypass when route allowlist is configured and sender allowlist is empty
OpenClaw's Microsoft Teams plugin widened group sender authorization when a team/channel route allowlist was configured but groupAllowFrom was empty. Before the fix, a matching route allowlist entry could cause the message handler to synthesize wildcard sender authorization for that route, allowi...
OpenClaw's dispatch-wrapper depth-cap mismatch can bypass shell-wrapper approval gating in system.run allowlist mode
Summary A wrapper-depth parsing mismatch in system.run allowed nested transparent dispatch wrappers (for example, repeated /usr/bin/env) to suppress shell-wrapper detection while still matching allowlist resolution. In security=allowlist + ask=on-miss, this could bypass the expected approval prompt...
sqlparse: formatting list of tuples leads to denial of service
Summary The below gist hangs while attempting to format a long list of tuples. This was found while drafting a regression test for Django 5.2's composite primary key feature, which allows querying composite fields with tuples...
CVE-2024-57937
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-57937
CVE-2024-57937 is rejected and not used according to the Initial Description.
DEBIAN-CVE-2024-56633
In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg The current sk memory accounting logic in __SK_REDIRECT is pre-uncharging tosend bytes, which is either msg->sg.size or a smaller value apply_bytes. Potential problems with this...
Fedora 41 : subversion (2024-93e88b1c0d)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-93e88b1c0d advisory. This release contains a fix for a security issue: CVE-2024-46901 See https://subversion.apache.org/security/CVE-2024-46901-advisory.txt for more...
Use after free in Wasmtime
There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption (it is disabled by default) then you are not affected. If you are explicitly disabling the Wasm referenc...
Flaw in `realloc` allows reading unknown memory
When `realloc`ing, if we allocate new space, we need to copy the old allocation's bytes into the new space. There are oldsize bytes in the old allocation, but we were accidentally copying newsize bytes, which could lead to copying bytes into the realloc'd space from past the chu...
CVE-2019-17402
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimageint.cpp, because there is no validation of the relationship of the total size to the offset and size...
SUSE-SU-2017:1611-1 Security update for glibc
This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. bsc#1039357 - The incorrectly defined constant O_TMPFILE has been...
Apple WebKit - Document::adoptNode Use-After-Free Exploit
Exploit for multiple platforms in category dos / poc var s = document.body.appendChild(document.createElement('script')); s.type = '0'; s.textContent = 'document.body.appendChild(parent.i0)'; var i0 = s.appendChild(document.createElement('iframe')); s.type = ''; var f =...
WebKit: Use-After-Free via Document::adoptNode (CVE-2017-2468)
This is a regression test from: https://crbug.com/541206. But I think it seems not possible to turn it into an UXSS in WebKit. PoC: var s = document.body.appendChild(document.createElement('script')); s.type = '0'; s.textContent = 'document.body.appendChild(parent.i0)'; var i0 =...