76 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 1 view

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: s390/entry: Scrub r12 register on kernel entry. Before the commit of f33f2d4c7c80 “s390/bp: remove TIF_ISOLATE_BP”, all entry handlers loaded r12 with the current task pointer (lg %r12,__LC_CURRENT) for use by the BPENTER/BPEXIT macros...

CVSS 5.5 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/24 5:30 p.m. | 0 views

CVE-2026-31556

A flaw was found in the Linux kernel's XFS filesystem component. During quota scrubbing, the xchk_quota_item function could exit prematurely without releasing a critical lock. This can result in lock leaks or deadlocks in subsequent quota operations, potentially leading to system instability or a...

CVSS 5.5 | AI score 5.4 | EPSS 0.00015
Exploits: 0 | References: 4
Github Security Blog
added 2026/04/24 4:39 p.m. | 8 views

TYPO3 CMS Stores Cleartext Password in User Settings Module

Problem: The backend user settings module SetupModuleController incorrectly conflates entity data like passwords or email address with user-interface settings like theme, display options when persisting changes. As a result, passwords were stored in cleartext in the uc and user_settings fields of t...

CVSS 7.5 | AI score 5.5 | EPSS 0.0002
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2026/04/24 4:39 p.m. | 1 view

GHSA-XVV6-P4WF-MVX7 TYPO3 CMS Stores Cleartext Password in User Settings Module

Problem: The backend user settings module SetupModuleController incorrectly conflates entity data like passwords or email address with user-interface settings like theme, display options when persisting changes. As a result, passwords were stored in cleartext in the uc and user_settings fields of t...

CVSS 7.5 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 5
Snyk
added 2026/04/21 11:15 a.m. | 3 views

Cleartext Storage of Sensitive Information

Overview: Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the SetupModuleController module merging entity data with user-interface settings before storing them in DB. An attacker can obtain sensitive user credentials by accessing the uc and...

CVSS 8.3 | AI score 5.7 | EPSS 0.0002
Exploits: 0 | References: 2
Github Security Blog
added 2026/03/09 7:52 p.m. | 7 views

OpenClaw's dashboard leaked gateway auth material via browser URL/query and localStorage

OpenClaw's macOS Dashboard flow exposed Gateway authentication material to browser-controlled surfaces. Before the fix, the macOS app appended the shared Gateway token and password to the Dashboard URL query string when opening the Control UI in the browser. The Control UI then imported the token...

AI score 5.8
Exploits: 0 | References: 4 | Affected Software: 1
Github Security Blog
added 2026/03/05 7:50 p.m. | 4 views

Gogs: Access tokens get exposed through URL params in API requests

Summary: The Gogs API still accepts tokens in URL parameters such as token and access_token, which can leak through logs, browser history, and referrers. Details: A static review shows that the API still checks tokens in the URL query before looking at headers: - internal/context/auth.go reads...

CVSS 6.9 | AI score 5.9 | EPSS 0.00045
Exploits: 0 | References: 6 | Affected Software: 1
Imperva Blog
added 2025/10/09 4:25 p.m. | 5 views

Rethinking DDoS Defense: Why Scale Isn’t the Only Metric That Matters

In recent months, headlines have drawn attention to record-breaking DDoS attacks, often measured in terabits per second (Tbps) and accompanied by declarations of network capacity in the hundreds of Tbps. These figures, while impressive, can create a misleading narrative about what truly matters in...

AI score 7.2
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-0828

Malicious code in bioql PyPI...

CVSS 7.6 | AI score 6.8 | EPSS 0.00398
Exploits: 0 | References: 5
Tenable Nessus
added 2025/08/26 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-28693

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xen/arm: Boot modules are not scrubbed. The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each...

CVSS 5.5 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 2
Packet Storm News
added 2025/07/08 12:0 a.m. | 2 views

Enhancing LLM Watermark Resilience against Both Scrubbing and Spoofing Attacks

Watermarking is a promising defense against the misuse of large language models (LLMs), yet it remains vulnerable to scrubbing and spoofing attacks. This vulnerability stems from an inherent trade-off governed by watermark window size: smaller windows resist scrubbing better but are easier to...

AI score 6.9
Exploits: 0
RedhatCVE
added 2025/05/23 6:1 a.m. | 1 view

CVE-2023-28117

Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitiv...

CVSS 7.6 | AI score 6.9 | EPSS 0.00398
Exploits: 0 | References: 1
NVD
added 2025/05/20 4:15 p.m. | 8 views

CVE-2025-37959

In the Linux kernel, the following vulnerability has been resolved: bpf: Scrub packet on bpf_redirect_peer. When bpf_redirect_peer is used to redirect packets to a device in another network namespace, the skb isn't scrubbed. That can lead skb information from one namespace to be "misused" in another...

CVSS 5.5 | EPSS 0.0009
Exploits: 0 | References: 6
OSV
added 2025/05/20 4:15 p.m. | 0 views

UBUNTU-CVE-2025-37959

In the Linux kernel, the following vulnerability has been resolved: bpf: Scrub packet on bpf_redirect_peer. When bpf_redirect_peer is used to redirect packets to a device in another network namespace, the skb isn't scrubbed. That can lead skb information from one namespace to be "misused" in another...

CVSS 5.5 | AI score 6.2 | EPSS 0.0009
Exploits: 0 | References: 27
CVE
added 2025/05/20 4:1 p.m. | 85 views

CVE-2025-37959

CVE-2025-37959 (Linux kernel) : When using bpf_redirect_peer to forward packets to a device in a different network namespace, skb data is not scrubbed, causing possible leakage of namespace-specific information. The issue arises because the packet’s XFRM state and skb extensions persist across ne...

CVSS 5.5 | AI score 6.5 | EPSS 0.0009
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2025/05/20 4:1 p.m. | 12 views

CVE-2025-37959 bpf: Scrub packet on bpf_redirect_peer

In the Linux kernel, the following vulnerability has been resolved: bpf: Scrub packet on bpf_redirect_peer. When bpf_redirect_peer is used to redirect packets to a device in another network namespace, the skb isn't scrubbed. That can lead skb information from one namespace to be "misused" in another...

EPSS 0.0009
Exploits: 0 | References: 5
NVD
added 2024/01/05 5:15 p.m. | 17 views

CVE-2023-34321

Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes such as the ones during scrubbing have reached memory before handing over the page to a guest. Unfortunately, the arithmetics in the...

CVSS 3.3 | AI score 5.6 | EPSS 0.00055
Exploits: 0 | References: 2
Xen Project
added 2023/09/05 12:0 p.m. | 34 views

arm32: The cache may not be properly cleaned/invalidated

ISSUE DESCRIPTION: Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes such as the ones during scrubbing have reached memory before handing over the page to a guest. Unfortunately, the...

CVSS 3.3 | AI score 6.9 | EPSS 0.00055
Exploits: 0
Amazon
added 2023/06/07 12:0 a.m. | 35 views

Medium: curl

Issue Overview: The curl advisory describes this issue as follows: curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the...

CVSS 9.8 | AI score 6.9 | EPSS 0.00179
Exploits: 6
Cloud Foundry
added 2023/04/29 12:0 a.m. | 40 views

USN-5964-1: curl vulnerabilities | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04, Canonical Ubuntu 22.04. Description: Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to...

CVSS 9.8 | AI score 7.7 | EPSS 0.00179
Exploits: 5 | Affected Software: 5