algernon 安全漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.7 contained security vulnerabilities. These vulnerabilities stemmed from the SSE event server being bound to 0.0.0.0:5553 by default, which could allow unauthorized network access...

Arbitrary Argument Injection

Overview symfony/runtime is an Enables decoupling PHP applications from global state Affected versions of this package are vulnerable to Arbitrary Argument Injection via SymfonyRuntime::getInput when registerargcargv=On in web SAPIs. An attacker can modify the Symfony application environment and...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to missing check in parseserverinterfaces see below: BUG: KASAN: slab-out-of-bounds in...

Astra Linux - уязвимость в linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007290)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007290 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after...

SUSE SLES15 Security Update : kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1274-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1274-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.84 fixes various security issues The following security issues were fixed: -...

SUSE-SU-2026:1187-1 Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.31 fixes various security issues The following security issues were fixed: - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc bsc1258051. - CVE-2026-23111: netfilter: nftables: fix inverted genmask check in...

CVE-2022-37724

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces...

EUVD-2025-26741

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-38728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb3: fix for slab out of bounds on mount to ksmbd With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to missing check in...

SUSE CVE-2025-38728

In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to missing check in parseserverinterfaces see below: BUG: KASAN: slab-out-of-bounds in...

AZL-73845 CVE-2025-38728 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to missing check in parseserverinterfaces see below: BUG: KASAN: slab-out-of-bounds in...

AZL-66875 CVE-2025-38728 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to missing check in parseserverinterfaces see below: BUG: KASAN: slab-out-of-bounds in...

CVE-2025-38728

CVE-2025-38728 : Linux kernel SMB3/kdmbd (ksmbd) mount path vulnerability. The issue stems from a missing check in parse_server_interfaces() under KASAN, enabling a slab-out-of-bounds read during a ksmbd mount. The bug is reported in the CIFS/SMB3 path with a read of size 4 at a kernel address du...

cifs: fix underflow in parse_server_interfaces()

...

PT-2025-36001

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's SMB3 implementation related to handling server interfaces during mounting to ksmbd. Specifically, a missing check in the parse server interfaces...

Security update for the Linux Kernel (Live Patch 47 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024188 fixes several issues. The following security issues were fixed: CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6nhflushexceptions bsc1227651...

Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024183 fixes several issues. The following security issues were fixed: CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6nhflushexceptions bsc1227651...

kernel: cifs: fix underflow in parse_server_interfaces()

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...

SUSE-SU-2024:2407-1 Security update for the Linux Kernel RT (Live Patch 15 for SLE 15 SP5)

This update for the Linux Kernel 5.15.21-1505001355 fixes several issues. The following security issues were fixed: - CVE-2024-26923: Fixed false-positive lockdep splat for spinlock in unixgc bsc1223683. - CVE-2024-26828: Fixed underflow in parseserverinterfaces bsc1223363...