38 matches found
Astra Linux – Vulnerability in connman
A issue was discovered in the DNS proxy of Connman through version 1.40. The implementation of the TCP server’s reply mechanism lacks a check to ensure that there is sufficient Header Data, resulting in an out-of-bounds read...
EUVD-2025-35094
In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memory read...
fetchmail -- potential crash when authenticating to SMTP server
Matthias Andree reports: fetchmail's SMTP client, when configured to authenticate, is susceptible to a protocol violation where, when a trusted but malicious or malfunctioning SMTP server responds to an authentication request with a "334" code but without a following blank on the line, it will...
SUSE CVE-2025-39927
In the Linux kernel, the following vulnerability has been resolved: ceph: fix race condition validating rparent before applying state Add validation to ensure the cached parent directory inode matches the directory info in MDS replies. This prevents client-side race conditions where concurrent...
AZL-71891 CVE-2025-39927 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: ceph: fix race condition validating rparent before applying state Add validation to ensure the cached parent directory inode matches the directory info in MDS replies. This prevents client-side race conditions where concurrent...
CVE-2025-39927 ceph: fix race condition validating r_parent before applying state
In the Linux kernel, the following vulnerability has been resolved: ceph: fix race condition validating rparent before applying state Add validation to ensure the cached parent directory inode matches the directory info in MDS replies. This prevents client-side race conditions where concurrent...
CVE-2025-39927
CVE-2025-39927 is addressed in the Linux kernel via a Ceph client race fix. The issue occurred when validating r_parent before applying MDS replies, risking stale parent inode references and applying state changes to the wrong directory inode. The fix adds validation to ensure the cached parent i...
CVE-2025-39927 ceph: fix race condition validating r_parent before applying state
In the Linux kernel, the following vulnerability has been resolved: ceph: fix race condition validating rparent before applying state Add validation to ensure the cached parent directory inode matches the directory info in MDS replies. This prevents client-side race conditions where concurrent...
Linux Distros Unpatched Vulnerability : CVE-2022-22936
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks,...
Linux Distros Unpatched Vulnerability : CVE-2025-43857
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibili...
go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies
A denial of service DoS vulnerability was found in go-git. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which triggers resource exhaustion in go-git clients...
go-git clients vulnerable to DoS via maliciously crafted Git server replies
...
GO-2025-3367 Clients vulnerable to DoS via maliciously crafted Git server replies in github.com/go-git/go-git
Clients vulnerable to DoS via maliciously crafted Git server replies in github.com/go-git/go-git...
GHSA-R9PX-M959-CXF4 go-git clients vulnerable to DoS via maliciously crafted Git server replies
Impact A denial of service DoS vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. This is a go-g...
CVE-2025-21614 go-git clients vulnerable to DoS via maliciously crafted Git server replies
go-git is a highly extensible git implementation library written in pure Go. A denial of service DoS vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git serve...
go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
A path traversal vulnerability was discovered in the go library go-git. This issue may allow an attacker to create and amend files across the filesystem when applications are using the default ChrootOS, potentially allowing remote code execution...
go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
A path traversal vulnerability was discovered in the go library go-git. This issue may allow an attacker to create and amend files across the filesystem when applications are using the default ChrootOS, potentially allowing remote code execution...
go-git: Maliciously crafted Git server replies can cause DoS on go-git clients
A denial of service DoS vulnerability was found in the go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients...
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
...
Maliciously crafted Git server replies can cause DoS on go-git clients
...